ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

ATT&CK Techniques

ATT&CK ID ATT&CK Name Number of Mappings Number of Subtechniques
T1525 Implant Internal Image 3 0
T1610 Deploy Container 4 0
T1114 Email Collection 2 3
T1008 Fallback Channels 3 0
T1556.006 Multi-Factor Authentication 3 0
T1070 Indicator Removal 6 5
T1090.001 Internal Proxy 3 0
T1546 Event Triggered Execution 5 0
T1656 Impersonation 1 0
T1499.002 Service Exhaustion Flood 3 0
T1078.002 Domain Accounts 1 0
T1548.005 Temporary Elevated Cloud Access 4 0
T1537 Transfer Data to Cloud Account 8 0
T1606.001 Web Cookies 4 0
T1651 Cloud Administration Command 3 0
T1578.001 Create Snapshot 2 0
T1564 Hide Artifacts 2 1
T1070.009 Clear Persistence 2 0
T1574 Hijack Execution Flow 2 1
T1070.002 Clear Linux or Mac System Logs 3 0
T1499.004 Application or System Exploitation 2 0
T1562.002 Disable Windows Event Logging 3 0
T1070.001 Clear Windows Event Logs 3 0
T1213.004 Customer Relationship Management Software 3 0
T1071.002 File Transfer Protocols 2 0
T1040 Network Sniffing 5 0
T1098.002 Additional Email Delegate Permissions 1 0
T1074.002 Remote Data Staging 1 0
T1090.003 Multi-hop Proxy 4 0
T1205.002 Socket Filters 1 0
T1113 Screen Capture 1 0
T1195.002 Compromise Software Supply Chain 4 0
T1609 Container Administration Command 1 0
T1136 Create Account 8 1
T1195.001 Compromise Software Dependencies and Development Tools 7 0
T1578.005 Modify Cloud Compute Configurations 3 0
T1110.002 Password Cracking 2 0
T1530 Data from Cloud Storage 16 0
T1539 Steal Web Session Cookie 3 0
T1557.002 ARP Cache Poisoning 2 0
T1484 Domain or Tenant Policy Modification 5 2
T1499.003 Application Exhaustion Flood 3 0
T1132 Data Encoding 2 2
T1484.001 Group Policy Modification 1 0
T1496.004 Cloud Service Hijacking 3 0
T1087 Account Discovery 3 1
T1092 Communication Through Removable Media 1 0
T1110 Brute Force 3 4
T1027 Obfuscated Files or Information 1 0
T1555 Credentials from Password Stores 4 3
T1213 Data from Information Repositories 14 3
T1567.002 Exfiltration to Cloud Storage 1 0
T1005 Data from Local System 2 0
T1098.005 Device Registration 2 0
T1529 System Shutdown/Reboot 2 0
T1132.001 Standard Encoding 2 0
T1029 Scheduled Transfer 2 0
T1586.003 Cloud Accounts 2 0
T1557 Adversary-in-the-Middle 5 1
T1552.004 Private Keys 5 0
T1590.002 DNS 1 0
T1110.001 Password Guessing 2 0
T1213.002 Sharepoint 2 0
T1200 Hardware Additions 1 0
T1556 Modify Authentication Process 6 3
T1505.003 Web Shell 1 0
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol 6 0
T1110.004 Credential Stuffing 1 0
T1485 Data Destruction 5 1
T1021 Remote Services 4 4
T1485.001 Lifecycle-Triggered Deletion 5 0
T1528 Steal Application Access Token 5 0
T1059.005 Visual Basic 1 0
T1048 Exfiltration Over Alternative Protocol 9 3
T1071.003 Mail Protocols 2 0
T1132.002 Non-Standard Encoding 2 0
T1531 Account Access Removal 1 0
T1098.006 Additional Container Cluster Roles 3 0
T1555.003 Credentials from Web Browsers 1 0
T1559 Inter-Process Communication 1 0
T1087.004 Cloud Account 1 0
T1562.008 Disable or Modify Cloud Logs 5 0
T1648 Serverless Execution 6 0
T1602.001 SNMP (MIB Dump) 3 0
T1602.002 Network Device Configuration Dump 3 0
T1552.007 Container API 4 0
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol 6 0
T1499 Endpoint Denial of Service 2 3
T1052 Exfiltration Over Physical Medium 4 1
T1114.003 Email Forwarding Rule 2 0
T1114.002 Remote Email Collection 2 0
T1565.003 Runtime Data Manipulation 1 0
T1136.003 Cloud Account 6 0
T1496 Resource Hijacking 4 3
T1110.003 Password Spraying 2 0
T1204.003 Malicious Image 3 0
T1104 Multi-Stage Channels 2 0
T1486 Data Encrypted for Impact 3 0
T1602 Data from Configuration Repository 4 2
T1552 Unsecured Credentials 12 4
T1491 Defacement 3 2
T1195 Supply Chain Compromise 5 2
T1578.002 Create Cloud Instance 2 0
T1219 Remote Access Tools 4 2
T1578.004 Revert Cloud Instance 1 0
T1496.001 Compute Hijacking 2 0
T1078.003 Local Accounts 5 0
T1498.001 Direct Network Flood 3 0
T1491.002 External Defacement 3 0
T1565.002 Transmitted Data Manipulation 5 0
T1562.001 Disable or Modify Tools 7 0
T1091 Replication Through Removable Media 2 0
T1021.004 SSH 2 0
T1552.005 Cloud Instance Metadata API 7 0
T1133 External Remote Services 5 0
T1036 Masquerading 2 1
T1538 Cloud Service Dashboard 3 0
T1555.006 Cloud Secrets Management Stores 6 0
T1489 Service Stop 2 0
T1068 Exploitation for Privilege Escalation 3 0
T1025 Data from Removable Media 3 0
T1119 Automated Collection 9 0
T1059 Command and Scripting Interpreter 9 4
T1041 Exfiltration Over C2 Channel 2 0
T1021.007 Cloud Services 7 0
T1090.002 External Proxy 3 0
T1565.001 Stored Data Manipulation 5 0
T1599.001 Network Address Translation Traversal 1 0
T1020.001 Traffic Duplication 3 0
T1585.003 Cloud Accounts 1 0
T1095 Non-Application Layer Protocol 4 0
T1020 Automated Exfiltration 3 1
T1098 Account Manipulation 17 6
T1098.001 Additional Cloud Credentials 14 0
T1071 Application Layer Protocol 3 5
T1098.003 Additional Cloud Roles 13 0
T1571 Non-Standard Port 3 0
T1550 Use Alternate Authentication Material 5 2
T1555.005 Password Managers 3 0
T1190 Exploit Public-Facing Application 11 0
T1078 Valid Accounts 5 3
T1114.001 Local Email Collection 2 0
T1606 Forge Web Credentials 7 1
T1550.004 Web Session Cookie 5 0
T1561.002 Disk Structure Wipe 1 0
T1212 Exploitation for Credential Access 5 0
T1567.004 Exfiltration Over Webhook 2 0
T1052.001 Exfiltration over USB 3 0
T1570 Lateral Tool Transfer 3 0
T1071.001 Web Protocols 3 0
T1561.001 Disk Content Wipe 1 0
T1562.007 Disable or Modify Cloud Firewall 5 0
T1552.001 Credentials In Files 1 0
T1578 Modify Cloud Compute Infrastructure 4 5
T1666 Modify Cloud Resource Hierarchy 5 0
T1021.001 Remote Desktop Protocol 2 0
T1659 Content Injection 1 0
T1205 Traffic Signaling 1 2
T1059.009 Cloud API 8 0
T1078.004 Cloud Accounts 11 0
T1548 Abuse Elevation Control Mechanism 9 1
T1565 Data Manipulation 7 3
T1562 Impair Defenses 10 6
T1080 Taint Shared Content 5 0
T1021.008 Direct Cloud VM Connections 4 0
T1556.007 Hybrid Identity 8 0
T1204 User Execution 5 1
T1213.001 Confluence 2 0
T1562.012 Disable or Modify Linux Audit System 3 0
T1491.001 Internal Defacement 2 0
T1221 Template Injection 2 0
T1669 Wi-Fi Networks 2 0
T1071.004 DNS 2 0
T1564.002 Hidden Users 1 0
T1072 Software Deployment Tools 9 0
T1649 Steal or Forge Authentication Certificates 3 0
T1567 Exfiltration Over Web Service 7 2
T1490 Inhibit System Recovery 8 0
T1090 Proxy 4 3
T1046 Network Service Discovery 3 0
T1498.002 Reflection Amplification 3 0
T1505 Server Software Component 1 1
T1219.002 Remote Desktop Software 1 0
T1211 Exploitation for Defense Evasion 5 0
T1070.008 Clear Mailbox Data 1 0
T1059.001 PowerShell 1 0
T1484.002 Trust Modification 6 0
T1059.006 Python 1 0
T1210 Exploitation of Remote Services 6 0
T1219.003 Remote Access Hardware 1 0
T1205.001 Port Knocking 1 0
T1134 Access Token Manipulation 1 0
T1543 Create or Modify System Process 4 0
T1535 Unused/Unsupported Cloud Regions 4 0
T1036.010 Masquerade Account Name 1 0
T1550.001 Application Access Token 9 0
T1572 Protocol Tunneling 4 0
T1556.009 Conditional Access Policies 6 0
T1070.007 Clear Network Connection History and Configurations 3 0
T1176 Software Extensions 3 0
T1496.002 Bandwidth Hijacking 3 0
T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol 4 0
T1071.005 Publish/Subscribe Protocols 3 0
T1498 Network Denial of Service 3 2
T1562.004 Disable or Modify System Firewall 1 0
T1098.004 SSH Authorized Keys 4 0
T1671 Cloud Application Integration 4 0
T1574.001 DLL 2 0
T1621 Multi-Factor Authentication Request Generation 1 0
T1199 Trusted Relationship 6 0
T1599 Network Boundary Bridging 1 1
T1561 Disk Wipe 1 2
T1578.003 Delete Cloud Instance 2 0