T1566 Phishing Mappings

Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns.

Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1566 Phishing
CA-7 Continuous Monitoring Protects T1566 Phishing
CM-2 Baseline Configuration Protects T1566 Phishing
CM-6 Configuration Settings Protects T1566 Phishing
IA-9 Service Identification and Authentication Protects T1566 Phishing
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566 Phishing
SC-7 Boundary Protection Protects T1566 Phishing
SI-2 Flaw Remediation Protects T1566 Phishing
SI-3 Malicious Code Protection Protects T1566 Phishing
SI-4 System Monitoring Protects T1566 Phishing
SI-8 Spam Protection Protects T1566 Phishing
CVE-2019-1831 Cisco Email Security Appliance (ESA) secondary_impact T1566 Phishing
CVE-2019-1772 Cisco WebEx WRF Player exploitation_technique T1566 Phishing
CVE-2020-3440 Cisco Webex Meetings exploitation_technique T1566 Phishing
CVE-2018-15376 Cisco IOS Software exploitation_technique T1566 Phishing
CVE-2019-15276 Cisco Wireless LAN Controller (WLC) exploitation_technique T1566 Phishing
CVE-2019-1915 Cisco Unified Communications Manager exploitation_technique T1566 Phishing
CVE-2020-3322 Cisco Webex Network Recording Player exploitation_technique T1566 Phishing
CVE-2020-3198 Cisco IOS 12.2(60)EZ16 exploitation_technique T1566 Phishing
CVE-2018-15782 RSA Authentication Manager exploitation_technique T1566 Phishing
CVE-2020-4068 APNSwift exploitation_technique T1566 Phishing
CVE-2020-1495 Microsoft SharePoint Server 2010 Service Pack 2 exploitation_technique T1566 Phishing
CVE-2018-8111 Microsoft Edge exploitation_technique T1566 Phishing
CVE-2020-1569 Microsoft Edge (EdgeHTML-based) exploitation_technique T1566 Phishing
CVE-2019-1013 Windows exploitation_technique T1566 Phishing
CVE-2019-0609 Internet Explorer 11 exploitation_technique T1566 Phishing
CVE-2018-8353 n/a exploitation_technique T1566 Phishing
CVE-2018-8110 Microsoft Edge exploitation_technique T1566 Phishing
CVE-2018-8575 Microsoft Project exploitation_technique T1566 Phishing
CVE-2018-8160 Word exploitation_technique T1566 Phishing
CVE-2017-15211 n/a uncategorized T1566 Phishing
CVE-2017-14487 n/a uncategorized T1566 Phishing
CVE-2020-1020 Windows uncategorized T1566 Phishing
CVE-2017-8759 Microsoft .NET Framework uncategorized T1566 Phishing
CVE-2017-11847 Windows kernel uncategorized T1566 Phishing
CVE-2013-3906 n/a uncategorized T1566 Phishing
CVE-2012-6467 n/a uncategorized T1566 Phishing
action.malware.vector.Instant messaging Instant Messaging related-to T1566 Phishing
action.social.variety.Phishing Phishing (or any type of *ishing) related-to T1566 Phishing
amazon_guardduty Amazon GuardDuty technique_scores T1566 Phishing

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1566.001 Spearphishing Attachment 18
T1566.002 Spearphishing Link 19
T1566.003 Spearphishing via Service 11