1. Home
  2. ATT&CK Techniques

ATT&CK Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access.

View information about techniques, how techniques and tactics interact, and the Center for Threat-Informed Defense's mappings coverage of MITRE ATT&CK® techniques in the Mappings Explorer matrix view.

SELECT VERSIONS

ATT&CK Version

ATT&CK Domain

ATT&CK Techniques

ATT&CK ID ATT&CK Name Number of Mappings Number of Subtechniques
T1564.001 Hidden Files and Directories 4 0
T1480.002 Mutual Exclusion 1 0
T1113 Screen Capture 2 0
T1216.002 SyncAppvPublishingServer 1 0
T1059.013 Container CLI/API 1 0
T1600 Weaken Encryption 2 2
T1001 Data Obfuscation 2 3
T1219.002 Remote Desktop Software 1 0
T1666 Modify Cloud Resource Hierarchy 1 0
T1053.007 Container Orchestration Job 1 0
T1567.001 Exfiltration to Code Repository 2 0
T1584.001 Domains 2 0
T1497.002 User Activity Based Checks 1 0
T1129 Shared Modules 1 0
T1218.011 Rundll32 1 0
T1574.004 Dylib Hijacking 3 0
T1003.008 /etc/passwd and /etc/shadow 1 0
T1499.001 OS Exhaustion Flood 4 0
T1069 Permission Groups Discovery 1 0
T1213 Data from Information Repositories 2 6
T1036.005 Match Legitimate Resource Name or Location 1 0
T1685.004 Disable or Modify Linux Audit System Log 2 0
T1546 Event Triggered Execution 6 17
T1543.002 Systemd Service 2 0
T1059.008 Network Device CLI 1 0
T1585 Establish Accounts 2 2
T1012 Query Registry 2 0
T1574.014 AppDomainManager 2 0
T1529 System Shutdown/Reboot 2 0
T1587 Develop Capabilities 5 4
T1218 System Binary Proxy Execution 2 14
T1578.001 Create Snapshot 1 0
T1587.002 Code Signing Certificates 2 0
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol 1 0
T1111 Multi-Factor Authentication Interception 3 0
T1608 Stage Capabilities 1 5
T1583.004 Server 4 0
T1037.003 Network Logon Script 1 0
T1584.003 Virtual Private Server 1 0
T1213.006 Databases 1 0
T1547.003 Time Providers 1 0
T1518.001 Security Software Discovery 1 0
T1037 Boot or Logon Initialization Scripts 4 5
T1200 Hardware Additions 3 0
T1583.007 Serverless 2 0
T1029 Scheduled Transfer 4 0
T1082 System Information Discovery 2 0
T1547.001 Registry Run Keys / Startup Folder 1 0
T1588.001 Malware 6 0
T1136.003 Cloud Account 2 0
T1204.002 Malicious File 1 0
T1213.003 Code Repositories 1 0
T1583 Acquire Infrastructure 2 7
T1207 Rogue Domain Controller 1 0
T1556.009 Conditional Access Policies 2 0
T1056.001 Keylogging 1 0
T1688 Safe Mode Boot 1 0
T1584.008 Network Devices 2 0
T1563.002 RDP Hijacking 6 0
T1595.001 Scanning IP Blocks 1 0
T1684 Social Engineering 6 2
T1036.008 Masquerade File Type 2 0
T1566.003 Spearphishing via Service 3 0
T1592.001 Hardware 1 0
T1556.003 Pluggable Authentication Modules 2 0
T1546.014 Emond 2 0
T1526 Cloud Service Discovery 1 0
T1104 Multi-Stage Channels 3 0
T1027.007 Dynamic API Resolution 2 0
T1484 Domain or Tenant Policy Modification 1 2
T1006 Direct Volume Access 1 0
T1547 Boot or Logon Autostart Execution 9 13
T1552.003 Shell History 2 0
T1546.004 Unix Shell Configuration Modification 1 0
T1583.001 Domains 3 0
T1574.012 COR_PROFILER 1 0
T1176.002 IDE Extensions 1 0
T1652 Device Driver Discovery 1 0
T1136.001 Local Account 1 0
T1565.003 Runtime Data Manipulation 1 0
T1011 Exfiltration Over Other Network Medium 2 1
T1589.001 Credentials 3 0
T1195.003 Compromise Hardware Supply Chain 1 0
T1552.002 Credentials in Registry 2 0
T1053.006 Systemd Timers 1 0
T1127.001 MSBuild 2 0
T1137.005 Outlook Rules 1 0
T1491 Defacement 2 2
T1110.003 Password Spraying 1 0
T1667 Email Bombing 1 0
T1558.005 Ccache Files 1 0
T1021.006 Windows Remote Management 1 0
T1518.002 Backup Software Discovery 1 0
T1565 Data Manipulation 1 3
T1588.003 Code Signing Certificates 2 0
T1570 Lateral Tool Transfer 1 0
T1553.005 Mark-of-the-Web Bypass 1 0
T1021.007 Cloud Services 2 0
T1565.001 Stored Data Manipulation 4 0
T1212 Exploitation for Credential Access 7 0
T1564.002 Hidden Users 4 0
T1611 Escape to Host 1 0
T1201 Password Policy Discovery 1 0
T1621 Multi-Factor Authentication Request Generation 1 0
T1037.005 Startup Items 1 0
T1595.002 Vulnerability Scanning 2 0
T1674 Input Injection 1 0
T1560.003 Archive via Custom Method 1 0
T1525 Implant Internal Image 6 0
T1213.005 Messaging Applications 2 0
T1566.001 Spearphishing Attachment 5 0
T1020 Automated Exfiltration 2 1
T1218.001 Compiled HTML File 1 0
T1505.004 IIS Components 1 0
T1585.002 Email Accounts 2 0
T1219 Remote Access Tools 2 3
T1220 XSL Script Processing 1 0
T1609 Container Administration Command 1 0
T1548 Abuse Elevation Control Mechanism 2 6
T1598.001 Spearphishing Service 2 0
T1564.011 Ignore Process Interrupts 1 0
T1560 Archive Collected Data 1 3
T1003 OS Credential Dumping 2 1
T1140 Deobfuscate/Decode Files or Information 1 0
T1199 Trusted Relationship 4 0
T1564.006 Run Virtual Instance 4 0
T1557.001 Name Resolution Poisoning and SMB Relay 2 0
T1074 Data Staged 1 1
T1590.001 Domain Properties 1 0
T1613 Container and Resource Discovery 1 0
T1547.010 Port Monitors 1 0
T1098.002 Additional Email Delegate Permissions 1 0
T1546.017 Udev Rules 4 0
T1480 Execution Guardrails 2 2
T1025 Data from Removable Media 2 0
T1053.005 Scheduled Task 2 0
T1548.006 TCC Manipulation 3 0
T1203 Exploitation for Client Execution 13 0
T1068 Exploitation for Privilege Escalation 9 0
T1110 Brute Force 4 2
T1558.003 Kerberoasting 5 0
T1553.001 Gatekeeper Bypass 1 0
T1210 Exploitation of Remote Services 1 0
T1584 Compromise Infrastructure 2 8
T1608.002 Upload Tool 1 0
T1047 Windows Management Instrumentation 3 0
T1078 Valid Accounts 3 0
T1213.002 Sharepoint 2 0
T1555.002 Securityd Memory 3 0
T1684.002 Email Spoofing 2 0
T1557.002 ARP Cache Poisoning 3 0
T1499.002 Service Exhaustion Flood 6 0
T1018 Remote System Discovery 2 0
T1059.004 Unix Shell 1 0
T1496.004 Cloud Service Hijacking 1 0
T1036.010 Masquerade Account Name 2 0
T1092 Communication Through Removable Media 2 0
T1195 Supply Chain Compromise 3 2
T1543.005 Container Service 2 0
T1072 Software Deployment Tools 5 0
T1119 Automated Collection 4 0
T1677 Poisoned Pipeline Execution 1 0
T1560.001 Archive via Utility 3 0
T1221 Template Injection 1 0
T1578 Modify Cloud Compute Infrastructure 3 5
T1578.002 Create Cloud Instance 1 0
T1222.002 Linux and Mac Permissions 3 0
T1120 Peripheral Device Discovery 1 0
T1496.001 Compute Hijacking 4 0
T1543 Create or Modify System Process 7 5
T1574.011 Services Registry Permissions Weakness 1 0
T1608.004 Drive-by Target 1 0
T1485.001 Lifecycle-Triggered Deletion 3 0
T1176.001 Browser Extensions 1 0
T1486 Data Encrypted for Impact 3 0
T1583.006 Web Services 5 0
T1601.002 Downgrade System Image 2 0
T1563.001 SSH Hijacking 3 0
T1592.004 Client Configurations 1 0
T1557.003 DHCP Spoofing 1 0
T1556 Modify Authentication Process 4 6
T1005 Data from Local System 2 0
T1685.002 Disable or Modify Cloud Log 2 0
T1602.001 SNMP (MIB Dump) 3 0
T1204.004 Malicious Copy and Paste 1 0
T1218.014 MMC 1 0
T1059.002 AppleScript 1 0
T1218.015 Electron Applications 1 0
T1542.005 TFTP Boot 1 0
T1574 Hijack Execution Flow 3 7
T1590.004 Network Topology 1 0
T1552.004 Private Keys 2 0
T1588.005 Exploits 4 0
T1546.007 Netsh Helper DLL 1 0
T1601.001 Patch System Image 2 0
T1675 ESXi Administration Command 1 0
T1176 Software Extensions 2 2
T1586 Compromise Accounts 1 2
T1218.007 Msiexec 1 0
T1568 Dynamic Resolution 6 3
T1555.006 Cloud Secrets Management Stores 2 0
T1027.004 Compile After Delivery 1 0
T1105 Ingress Tool Transfer 3 0
T1059.005 Visual Basic 1 0
T1133 External Remote Services 9 0
T1115 Clipboard Data 3 0
T1482 Domain Trust Discovery 1 0
T1547.012 Print Processors 1 0
T1495 Firmware Corruption 4 0
T1685.001 Disable or Modify Windows Event Log 2 0
T1059.006 Python 1 0
T1059.003 Windows Command Shell 2 0
T1542.001 System Firmware 1 0
T1496.002 Bandwidth Hijacking 1 0
T1491.001 Internal Defacement 2 0
T1556.008 Network Provider DLL 2 0
T1558.001 Golden Ticket 1 0
T1137.004 Outlook Home Page 1 0
T1070.005 Network Share Connection Removal 1 0
T1490 Inhibit System Recovery 3 0
T1590.002 DNS 1 0
T1542.002 Component Firmware 2 0
T1669 Wi-Fi Networks 1 0
T1053.003 Cron 1 0
T1484.001 Group Policy Modification 1 0
T1027.001 Binary Padding 1 0
T1134 Access Token Manipulation 2 1
T1563 Remote Service Session Hijacking 4 2
T1586.001 Social Media Accounts 3 0
T1686 Disable or Modify System Firewall 2 3
T1555.001 Keychain 2 0
T1195.002 Compromise Software Supply Chain 2 0
T1219.003 Remote Access Hardware 1 0
T1568.001 Fast Flux DNS 3 0
T1601 Modify System Image 2 2
T1569.001 Launchctl 1 0
T1590 Gather Victim Network Information 1 6
T1033 System Owner/User Discovery 3 0
T1052.001 Exfiltration over USB 1 0
T1036 Masquerading 5 12
T1573.002 Asymmetric Cryptography 3 0
T1590.006 Network Security Appliances 1 0
T1680 Local Storage Discovery 1 0
T1542.003 Bootkit 1 0
T1546.003 Windows Management Instrumentation Event Subscription 1 0
T1592.003 Firmware 1 0
T1218.013 Mavinject 2 0
T1608.003 Install Digital Certificate 1 0
T1136 Create Account 1 3
T1553.004 Install Root Certificate 1 0
T1114 Email Collection 5 3
T1027.012 LNK Icon Smuggling 2 0
T1496.003 SMS Pumping 2 0
T1537 Transfer Data to Cloud Account 2 0
T1496 Resource Hijacking 5 4
T1535 Unused/Unsupported Cloud Regions 1 0
T1554 Compromise Host Software Binary 6 0
T1036.003 Rename Legitimate Utilities 2 0
T1027.005 Indicator Removal from Tools 6 0
T1592.002 Software 1 0
T1685.006 Clear Linux or Mac System Logs 2 0
T1098.001 Additional Cloud Credentials 1 0
T1548.002 Bypass User Account Control 3 0
T1090.002 External Proxy 2 0
T1518 Software Discovery 1 2
T1589.003 Employee Names 1 0
T1213.001 Confluence 2 0
T1036.001 Invalid Code Signature 1 0
T1071.001 Web Protocols 4 0
T1218.002 Control Panel 1 0
T1564.003 Hidden Window 4 0
T1558 Steal or Forge Kerberos Tickets 1 5
T1059.012 Hypervisor CLI 1 0
T1505.003 Web Shell 2 0
T1202 Indirect Command Execution 1 0
T1218.005 Mshta 1 0
T1030 Data Transfer Size Limits 2 0
T1211 Exploitation for Stealth 3 0
T1654 Log Enumeration 2 0
T1543.003 Windows Service 3 0
T1557 Adversary-in-the-Middle 4 3
T1056.003 Web Portal Capture 1 0
T1564.005 Hidden File System 4 0
T1567 Exfiltration Over Web Service 2 4
T1584.004 Server 1 0
T1010 Application Window Discovery 2 0
T1098.003 Additional Cloud Roles 1 0
T1484.002 Trust Modification 1 0
T1499.004 Application or System Exploitation 4 0
T1588.002 Tool 2 0
T1055.004 Asynchronous Procedure Call 1 0
T1583.003 Virtual Private Server 2 0
T1497.001 System Checks 1 0
T1132.002 Non-Standard Encoding 1 0
T1036.012 Browser Fingerprint 1 0
T1568.003 DNS Calculation 3 0
T1071.005 Publish/Subscribe Protocols 2 0
T1606 Forge Web Credentials 2 2
T1505 Server Software Component 2 6
T1219.001 IDE Tunneling 1 0
T1070.010 Relocate Malware 1 0
T1572 Protocol Tunneling 4 0
T1008 Fallback Channels 4 0
T1550.001 Application Access Token 1 0
T1547.002 Authentication Package 1 0
T1584.007 Serverless 1 0
T1558.004 AS-REP Roasting 3 0
T1555.004 Windows Credential Manager 2 0
T1098.007 Additional Local or Domain Groups 2 0
T1653 Power Settings 1 0
T1580 Cloud Infrastructure Discovery 1 0
T1622 Debugger Evasion 4 0
T1610 Deploy Container 2 0
T1584.002 DNS Server 4 0
T1568.002 Domain Generation Algorithms 3 0
T1020.001 Traffic Duplication 1 0
T1027 Obfuscated Files or Information 3 15
T1606.001 Web Cookies 2 0
T1539 Steal Web Session Cookie 4 0
T1553 Subvert Trust Controls 4 6
T1055 Process Injection 1 2
T1548.001 Setuid and Setgid 1 0
T1608.001 Upload Malware 1 0
T1098.004 SSH Authorized Keys 1 0
T1567.004 Exfiltration Over Webhook 2 0
T1204 User Execution 6 5
T1558.002 Silver Ticket 2 0
T1534 Internal Spearphishing 2 0
T1087 Account Discovery 1 0
T1552.001 Credentials In Files 2 0
T1505.002 Transport Agent 3 0
T1552.008 Chat Messages 3 0
T1583.002 DNS Server 3 0
T1070 Indicator Removal 1 2
T1001.002 Steganography 6 0
T1685 Disable or Modify Tools 5 6
T1583.005 Botnet 3 0
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol 1 0
T1598.004 Spearphishing Voice 6 0
T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol 1 0
T1553.002 Code Signing 1 0
T1548.003 Sudo and Sudo Caching 3 0
T1204.001 Malicious Link 1 0
T1218.010 Regsvr32 1 0
T1123 Audio Capture 2 0
T1542 Pre-OS Boot 1 5
T1567.002 Exfiltration to Cloud Storage 2 0
T1590.005 IP Addresses 1 0
T1110.002 Password Cracking 1 0
T1048 Exfiltration Over Alternative Protocol 2 3
T1027.002 Software Packing 1 0
T1016.002 Wi-Fi Discovery 2 0
T1686.002 Network Device Firewall 1 0
T1588 Obtain Capabilities 2 7
T1589.002 Email Addresses 1 0
T1587.001 Malware 7 0
T1106 Native API 1 0
T1041 Exfiltration Over C2 Channel 2 0
T1498.001 Direct Network Flood 4 0
T1036.004 Masquerade Task or Service 2 0
T1550 Use Alternate Authentication Material 3 4
T1684.001 Impersonation 1 0
T1001.003 Protocol or Service Impersonation 1 0
T1590.003 Network Trust Dependencies 1 0
T1556.004 Network Device Authentication 2 0
T1598.002 Spearphishing Attachment 3 0
T1614.001 System Language Discovery 1 0
T1546.011 Application Shimming 1 0
T1036.009 Break Process Trees 2 0
T1546.006 LC_LOAD_DYLIB Addition 1 0
T1686.003 Windows Host Firewall 1 0
T1007 System Service Discovery 5 0
T1659 Content Injection 1 0
T1530 Data from Cloud Storage 2 0
T1595 Active Scanning 1 2
T1600.002 Disable Crypto Hardware 1 0
T1599 Network Boundary Bridging 1 1
T1080 Taint Shared Content 3 0
T1564.014 Extended Attributes 2 0
T1565.002 Transmitted Data Manipulation 3 0
T1552.007 Container API 1 0
T1137.001 Office Template Macros 1 0
T1602.002 Network Device Configuration Dump 2 0
T1505.005 Terminal Services DLL 2 0
T1592 Gather Victim Host Information 1 4
T1586.002 Email Accounts 1 0
T1127.003 JamPlus 1 0
T1598.003 Spearphishing Link 5 0
T1497.003 Time Based Checks 1 0
T1578.005 Modify Cloud Compute Configurations 2 0
T1222 File and Directory Permissions Modification 4 2
T1566.002 Spearphishing Link 8 0
T1679 Selective Exclusion 1 0
T1559 Inter-Process Communication 1 2
T1216.001 PubPrn 1 0
T1222.001 Windows Permissions 1 0
T1550.004 Web Session Cookie 2 0
T1671 Cloud Application Integration 1 0
T1612 Build Image on Host 2 0
T1564.004 NTFS File Attributes 4 0
T1588.004 Digital Certificates 2 0
T1686.001 Cloud Firewall 4 0
T1056 Input Capture 2 4
T1136.002 Domain Account 1 0
T1056.002 GUI Input Capture 1 0
T1505.006 vSphere Installation Bundles 1 0
T1204.005 Malicious Library 1 0
T1027.013 Encrypted/Encoded File 2 0
T1550.003 Pass the Ticket 1 0
T1546.012 Image File Execution Options Injection 1 0
T1053 Scheduled Task/Job 3 5
T1548.004 Elevated Execution with Prompt 2 0
T1555.005 Password Managers 2 0
T1027.016 Junk Code Insertion 1 0
T1596.003 Digital Certificates 1 0
T1135 Network Share Discovery 2 0
T1564.007 VBA Stomping 5 0
T1039 Data from Network Shared Drive 2 0
T1091 Replication Through Removable Media 3 0
T1218.012 Verclsid 1 0
T1561.002 Disk Structure Wipe 4 0
T1137.002 Office Test 1 0
T1564.013 Bind Mounts 2 0
T1547.005 Security Support Provider 1 0
T1668 Exclusive Control 1 0
T1598 Phishing for Information 2 4
T1546.005 Trap 1 0
T1055.014 VDSO Hijacking 1 0
T1531 Account Access Removal 5 0
T1556.006 Multi-Factor Authentication 1 0
T1585.001 Social Media Accounts 3 0
T1497 Virtualization/Sandbox Evasion 3 3
T1027.018 Invisible Unicode 1 0
T1059.009 Cloud API 3 0
T1547.014 Active Setup 1 0
T1578.003 Delete Cloud Instance 1 0
T1027.014 Polymorphic Code 1 0
T1027.003 Steganography 1 0
T1499 Endpoint Denial of Service 10 4
T1543.004 Launch Daemon 2 0
T1556.001 Domain Controller Authentication 2 0
T1584.006 Web Services 1 0
T1571 Non-Standard Port 3 0
T1555.003 Credentials from Web Browsers 2 0
T1057 Process Discovery 1 0
T1059.001 PowerShell 1 0
T1037.004 RC Scripts 1 0
T1036.007 Double File Extension 1 0
T1578.004 Revert Cloud Instance 1 0
T1547.004 Winlogon Helper DLL 3 0
T1498 Network Denial of Service 5 2
T1071.003 Mail Protocols 1 0
T1036.002 Right-to-Left Override 1 0
T1014 Rootkit 2 0
T1137.003 Outlook Forms 1 0
T1690 Prevent Command History Logging 3 0
T1218.004 InstallUtil 1 0
T1573 Encrypted Channel 4 2
T1036.011 Overwrite Process Arguments 2 0
T1574.010 Services File Permissions Weakness 1 0
T1491.002 External Defacement 2 0
T1553.003 SIP and Trust Provider Hijacking 1 0
T1124 System Time Discovery 1 0
T1197 BITS Jobs 1 0
T1205.001 Port Knocking 3 0
T1059 Command and Scripting Interpreter 3 13
T1564.012 File/Path Exclusions 3 0
T1046 Network Service Discovery 2 0
T1552.006 Group Policy Preferences 3 0
T1555 Credentials from Password Stores 2 6
T1683.001 Written Content 1 0
T1657 Financial Theft 1 0
T1127 Trusted Developer Utilities Proxy Execution 2 3
T1216 System Script Proxy Execution 2 2
T1112 Modify Registry 1 0
T1559.001 Component Object Model 1 0
T1559.002 Dynamic Data Exchange 6 0
T1606.002 SAML Tokens 1 0
T1584.005 Botnet 3 0
T1499.003 Application Exhaustion Flood 6 0
T1566 Phishing 7 4
T1538 Cloud Service Dashboard 1 0
T1547.013 XDG Autostart Entries 1 0
T1027.010 Command Obfuscation 3 0
T1027.017 SVG Smuggling 1 0
T1059.010 AutoHotKey & AutoIT 3 0
T1574.005 Executable Installer File Permissions Weakness 3 0
T1546.015 Component Object Model Hijacking 1 0
T1547.006 Kernel Modules and Extensions 2 0
T1546.001 Change Default File Association 2 0
T1114.003 Email Forwarding Rule 2 0
T1071.004 DNS 1 0
T1098 Account Manipulation 5 7
T1547.007 Re-opened Applications 1 0
T1608.005 Link Target 1 0
T1480.001 Environmental Keying 2 0
T1021 Remote Services 3 4
T1036.006 Space after Filename 1 0
T1132 Data Encoding 2 1
T1205 Traffic Signaling 3 1
T1665 Hide Infrastructure 1 0
T1071 Application Layer Protocol 4 5
T1095 Non-Application Layer Protocol 3 0
T1489 Service Stop 3 0
T1687 Exploitation for Defense Impairment 1 0
T1685.005 Clear Windows Event Logs 2 0
T1218.003 CMSTP 1 0
T1083 File and Directory Discovery 3 0
T1546.016 Installer Packages 1 0
T1498.002 Reflection Amplification 4 0
T1204.003 Malicious Image 1 0
T1056.004 Credential API Hooking 1 0
T1037.001 Logon Script (Windows) 1 0
T1587.003 Digital Certificates 2 0
T1588.007 Artificial Intelligence 2 0
T1561.001 Disk Content Wipe 3 0
T1542.004 ROMMONkit 1 0
T1189 Drive-by Compromise 2 0
T1567.003 Exfiltration to Text Storage Sites 2 0
T1052 Exfiltration Over Physical Medium 2 1
T1187 Forced Authentication 4 0
T1547.008 LSASS Driver 1 0
T1685.003 Modify or Spoof Tool UI 3 0
T1114.001 Local Email Collection 1 0
T1560.002 Archive via Library 2 0
T1588.006 Vulnerabilities 2 0
T1074.001 Local Data Staging 1 0
T1546.002 Screensaver 1 0
T1102.001 Dead Drop Resolver 2 0
T1587.004 Exploits 4 0
T1505.001 SQL Stored Procedures 3 0
T1021.008 Direct Cloud VM Connections 2 0
T1114.002 Remote Email Collection 1 0
T1027.011 Fileless Storage 2 0
T1053.002 At 2 0
T1049 System Network Connections Discovery 2 0
T1569.003 Systemctl 1 0
T1614 System Location Discovery 1 1
T1548.005 Temporary Elevated Cloud Access 2 0
T1673 Virtual Machine Discovery 1 0
T1016 System Network Configuration Discovery 1 1
T1678 Delay Execution 1 0
T1485 Data Destruction 4 1
T1543.001 Launch Agent 2 0
T1561 Disk Wipe 5 2
T1546.008 Accessibility Features 1 0
T1185 Browser Session Hijacking 8 0
T1553.006 Code Signing Policy Modification 1 0
T1190 Exploit Public-Facing Application 11 0
T1566.004 Spearphishing Voice 1 0
T1021.003 Distributed Component Object Model 2 0
T1001.001 Junk Data 1 0
T1552.005 Cloud Instance Metadata API 2 0
T1552 Unsecured Credentials 1 8
T1528 Steal Application Access Token 1 0
T1218.008 Odbcconf 1 0
T1011.001 Exfiltration Over Bluetooth 2 0
T1059.007 JavaScript 1 0
T1569 System Services 3 3
T1102 Web Service 3 1
T1574.001 DLL 4 0
T1651 Cloud Administration Command 1 0
T1573.001 Symmetric Cryptography 4 0
T1550.002 Pass the Hash 4 0
T1134.003 Make and Impersonate Token 1 0
T1059.011 Lua 4 0
T1027.015 Compression 1 0
T1599.001 Network Address Translation Traversal 1 0
T1125 Video Capture 3 0
T1546.013 PowerShell Profile 3 0
T1602 Data from Configuration Repository 3 2
T1127.002 ClickOnce 3 0
T1098.006 Additional Container Cluster Roles 2 0
T1090 Proxy 3 1
T1546.010 AppInit DLLs 1 0
T1071.002 File Transfer Protocols 1 0
T1564 Hide Artifacts 4 11
T1569.002 Service Execution 3 0
T1547.009 Shortcut Modification 1 0
T1689 Downgrade Attack 1 0
T1546.009 AppCert DLLs 2 0
T1040 Network Sniffing 1 0
T1137 Office Application Startup 1 5
T1098.005 Device Registration 1 0
T1037.002 Login Hook 1 0
T1589 Gather Victim Identity Information 1 3
T1600.001 Reduce Key Space 2 0
T1213.004 Customer Relationship Management Software 1 0
T1218.009 Regsvcs/Regasm 1 0