ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

ATT&CK Techniques

ATT&CK ID ATT&CK Name Number of Mappings Number of Subtechniques
T1564 Hide Artifacts 2 1
T1648 Serverless Execution 6 0
T1098.006 Additional Container Cluster Roles 3 0
T1578 Modify Cloud Compute Infrastructure 4 5
T1119 Automated Collection 9 0
T1090.001 Internal Proxy 3 0
T1561.002 Disk Structure Wipe 1 0
T1489 Service Stop 2 0
T1550.004 Web Session Cookie 5 0
T1565 Data Manipulation 7 3
T1110.004 Credential Stuffing 1 0
T1491 Defacement 3 2
T1008 Fallback Channels 3 0
T1021.007 Cloud Services 7 0
T1555.006 Cloud Secrets Management Stores 6 0
T1068 Exploitation for Privilege Escalation 3 0
T1671 Cloud Application Integration 4 0
T1552.001 Credentials In Files 1 0
T1557 Adversary-in-the-Middle 5 1
T1199 Trusted Relationship 6 0
T1041 Exfiltration Over C2 Channel 2 0
T1213.002 Sharepoint 2 0
T1021.008 Direct Cloud VM Connections 4 0
T1204 User Execution 5 1
T1021.001 Remote Desktop Protocol 2 0
T1539 Steal Web Session Cookie 3 0
T1136 Create Account 8 1
T1499.004 Application or System Exploitation 2 0
T1498.002 Reflection Amplification 3 0
T1649 Steal or Forge Authentication Certificates 3 0
T1552.005 Cloud Instance Metadata API 7 0
T1110.001 Password Guessing 2 0
T1021.004 SSH 2 0
T1132 Data Encoding 2 2
T1190 Exploit Public-Facing Application 11 0
T1599.001 Network Address Translation Traversal 1 0
T1071.002 File Transfer Protocols 2 0
T1498 Network Denial of Service 3 2
T1070.001 Clear Windows Event Logs 3 0
T1210 Exploitation of Remote Services 6 0
T1530 Data from Cloud Storage 16 0
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol 6 0
T1590.002 DNS 1 0
T1213.001 Confluence 2 0
T1005 Data from Local System 2 0
T1609 Container Administration Command 1 0
T1219 Remote Access Tools 4 2
T1562.012 Disable or Modify Linux Audit System 3 0
T1528 Steal Application Access Token 5 0
T1491.002 External Defacement 3 0
T1132.002 Non-Standard Encoding 2 0
T1565.001 Stored Data Manipulation 5 0
T1219.002 Remote Desktop Software 1 0
T1656 Impersonation 1 0
T1071.001 Web Protocols 3 0
T1090 Proxy 4 3
T1485 Data Destruction 5 1
T1072 Software Deployment Tools 9 0
T1078 Valid Accounts 5 3
T1537 Transfer Data to Cloud Account 8 0
T1606.001 Web Cookies 4 0
T1092 Communication Through Removable Media 1 0
T1621 Multi-Factor Authentication Request Generation 1 0
T1559 Inter-Process Communication 1 0
T1548 Abuse Elevation Control Mechanism 9 1
T1552 Unsecured Credentials 12 4
T1659 Content Injection 1 0
T1557.002 ARP Cache Poisoning 2 0
T1211 Exploitation for Defense Evasion 5 0
T1505.003 Web Shell 1 0
T1098.003 Additional Cloud Roles 13 0
T1556.009 Conditional Access Policies 6 0
T1021 Remote Services 4 4
T1219.003 Remote Access Hardware 1 0
T1078.004 Cloud Accounts 11 0
T1525 Implant Internal Image 3 0
T1505 Server Software Component 1 1
T1562.008 Disable or Modify Cloud Logs 5 0
T1025 Data from Removable Media 3 0
T1095 Non-Application Layer Protocol 4 0
T1550.001 Application Access Token 9 0
T1205 Traffic Signaling 1 2
T1221 Template Injection 2 0
T1059.009 Cloud API 8 0
T1027 Obfuscated Files or Information 1 0
T1204.003 Malicious Image 3 0
T1585.003 Cloud Accounts 1 0
T1071 Application Layer Protocol 3 5
T1071.005 Publish/Subscribe Protocols 3 0
T1195.001 Compromise Software Dependencies and Development Tools 7 0
T1036.010 Masquerade Account Name 1 0
T1562.004 Disable or Modify System Firewall 1 0
T1565.003 Runtime Data Manipulation 1 0
T1098.002 Additional Email Delegate Permissions 1 0
T1213 Data from Information Repositories 14 3
T1195.002 Compromise Software Supply Chain 4 0
T1570 Lateral Tool Transfer 3 0
T1491.001 Internal Defacement 2 0
T1098.004 SSH Authorized Keys 4 0
T1564.002 Hidden Users 1 0
T1586.003 Cloud Accounts 2 0
T1531 Account Access Removal 1 0
T1666 Modify Cloud Resource Hierarchy 5 0
T1602 Data from Configuration Repository 4 2
T1543 Create or Modify System Process 4 0
T1561 Disk Wipe 1 2
T1578.003 Delete Cloud Instance 2 0
T1070.008 Clear Mailbox Data 1 0
T1110.003 Password Spraying 2 0
T1529 System Shutdown/Reboot 2 0
T1610 Deploy Container 4 0
T1556 Modify Authentication Process 6 3
T1091 Replication Through Removable Media 2 0
T1059.001 PowerShell 1 0
T1556.006 Multi-Factor Authentication 3 0
T1113 Screen Capture 1 0
T1087 Account Discovery 3 1
T1134 Access Token Manipulation 1 0
T1486 Data Encrypted for Impact 3 0
T1567.002 Exfiltration to Cloud Storage 1 0
T1020.001 Traffic Duplication 3 0
T1496.001 Compute Hijacking 2 0
T1552.004 Private Keys 5 0
T1567 Exfiltration Over Web Service 7 2
T1078.003 Local Accounts 5 0
T1499.003 Application Exhaustion Flood 3 0
T1562.007 Disable or Modify Cloud Firewall 5 0
T1567.004 Exfiltration Over Webhook 2 0
T1098.005 Device Registration 2 0
T1020 Automated Exfiltration 3 1
T1052 Exfiltration Over Physical Medium 4 1
T1578.005 Modify Cloud Compute Configurations 3 0
T1059 Command and Scripting Interpreter 9 4
T1071.003 Mail Protocols 2 0
T1213.004 Customer Relationship Management Software 3 0
T1578.001 Create Snapshot 2 0
T1110 Brute Force 3 4
T1080 Taint Shared Content 5 0
T1114.002 Remote Email Collection 2 0
T1578.002 Create Cloud Instance 2 0
T1484.002 Trust Modification 6 0
T1110.002 Password Cracking 2 0
T1498.001 Direct Network Flood 3 0
T1574 Hijack Execution Flow 2 1
T1548.005 Temporary Elevated Cloud Access 4 0
T1205.001 Port Knocking 1 0
T1070.002 Clear Linux or Mac System Logs 3 0
T1484.001 Group Policy Modification 1 0
T1098 Account Manipulation 17 6
T1499 Endpoint Denial of Service 2 3
T1040 Network Sniffing 5 0
T1059.006 Python 1 0
T1602.001 SNMP (MIB Dump) 3 0
T1669 Wi-Fi Networks 2 0
T1059.005 Visual Basic 1 0
T1555 Credentials from Password Stores 4 3
T1036 Masquerading 2 1
T1496.004 Cloud Service Hijacking 3 0
T1562.001 Disable or Modify Tools 7 0
T1546 Event Triggered Execution 5 0
T1087.004 Cloud Account 1 0
T1561.001 Disk Content Wipe 1 0
T1098.001 Additional Cloud Credentials 14 0
T1136.003 Cloud Account 6 0
T1550 Use Alternate Authentication Material 5 2
T1555.005 Password Managers 3 0
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol 6 0
T1090.003 Multi-hop Proxy 4 0
T1485.001 Lifecycle-Triggered Deletion 5 0
T1565.002 Transmitted Data Manipulation 5 0
T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol 4 0
T1114.003 Email Forwarding Rule 2 0
T1114.001 Local Email Collection 2 0
T1606 Forge Web Credentials 7 1
T1535 Unused/Unsupported Cloud Regions 4 0
T1571 Non-Standard Port 3 0
T1578.004 Revert Cloud Instance 1 0
T1496.002 Bandwidth Hijacking 3 0
T1176 Software Extensions 3 0
T1484 Domain or Tenant Policy Modification 5 2
T1552.007 Container API 4 0
T1212 Exploitation for Credential Access 5 0
T1490 Inhibit System Recovery 8 0
T1200 Hardware Additions 1 0
T1555.003 Credentials from Web Browsers 1 0
T1538 Cloud Service Dashboard 3 0
T1090.002 External Proxy 3 0
T1132.001 Standard Encoding 2 0
T1070.007 Clear Network Connection History and Configurations 3 0
T1562.002 Disable Windows Event Logging 3 0
T1195 Supply Chain Compromise 5 2
T1556.007 Hybrid Identity 8 0
T1070.009 Clear Persistence 2 0
T1071.004 DNS 2 0
T1599 Network Boundary Bridging 1 1
T1029 Scheduled Transfer 2 0
T1048 Exfiltration Over Alternative Protocol 9 3
T1074.002 Remote Data Staging 1 0
T1574.001 DLL 2 0
T1052.001 Exfiltration over USB 3 0
T1496 Resource Hijacking 4 3
T1070 Indicator Removal 6 5
T1499.002 Service Exhaustion Flood 3 0
T1104 Multi-Stage Channels 2 0
T1651 Cloud Administration Command 3 0
T1205.002 Socket Filters 1 0
T1114 Email Collection 2 3
T1133 External Remote Services 5 0
T1078.002 Domain Accounts 1 0
T1602.002 Network Device Configuration Dump 3 0
T1572 Protocol Tunneling 4 0
T1562 Impair Defenses 10 6
T1046 Network Service Discovery 3 0