{"name": "veris overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "16.1"}, "sorting": 3, "description": "veris heatmap overview of veris mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1656", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1001.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1001.002", "score": 6, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Downloader\n\u2022action.social.vector.Social media\n\u2022action.malware.vector.Email link\n\u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1001.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Other\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1071.001", "score": 3, "comment": " Related to: \n \u2022action.malware.vector.Email attachment\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1105", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Other\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1127.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1080", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Worm\n\u2022action.malware.variety.Other\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1204", "score": 5, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Downloader\n\u2022action.malware.variety.Other\n\u2022action.social.vector.Social media", "metadata": []}, {"techniqueID": "T1204.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1204.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1204.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1027.011", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.013", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1059.009", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1059.010", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1059.011", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1127.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1098.006", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1098.007", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1027", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Null byte injection\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1027.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.010", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.variety.Destroy data", "metadata": []}, {"techniqueID": "T1027.014", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1070.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1132.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1021.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1021.008", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1134.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1071.005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1016.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1036.009", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1111", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.AiTM\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Spyware/Keylogger", "metadata": []}, {"techniqueID": "T1036.008", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.010", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1047", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.vector.Direct install", "metadata": []}, {"techniqueID": "T1053", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.vector.Backdoor\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1053.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1053.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1053.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1053.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1053.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1059.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1059.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.008", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1072", "score": 5, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.vector.Software update\n\u2022action.malware.variety.Adminware", "metadata": []}, {"techniqueID": "T1106", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1112", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1127", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1129", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1187", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.AiTM\n\u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1202", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1216", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1216.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1216.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Destroy data", "metadata": []}, {"techniqueID": "T1218.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.008", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.009", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1185", "score": 8, "comment": " Related to: \n \u2022action.hacking.variety.HTTP request smuggling\n\u2022action.hacking.variety.HTTP response splitting\n\u2022action.hacking.variety.AiTM\n\u2022action.hacking.variety.Session fixation\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.HTTP request splitting\n\u2022action.malware.variety.Capture app data\n\u2022action.hacking.variety.HTTP response smuggling", "metadata": []}, {"techniqueID": "T1037", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022attribute.integrity.variety.Modify configuration\n\u2022action.malware.variety.Backdoor\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1078", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Backdoor\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1098", "score": 5, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022attribute.integrity.variety.Modify privileges\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1133", "score": 9, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.vector.Web application\n\u2022action.hacking.vector.3rd party desktop\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Desktop sharing software\n\u2022action.malware.vector.Remote injection\n\u2022action.hacking.vector.VPN\n\u2022action.malware.variety.Backdoor\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1563.002", "score": 6, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.vector.Network propagation\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Modify data\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1110", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1222.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1565.001", "score": 4, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data\n\u2022action.hacking.variety.Offline cracking\n\u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1021.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1531", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Brute force\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Brute force\n\u2022attribute.availability.variety.Destruction\n\u2022attribute.integrity.variety.Unknown\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1203", "score": 7, "comment": " Related to: \n \u2022action.hacking.variety.HTTP response splitting\n\u2022action.hacking.variety.HTTP request smuggling\n\u2022action.hacking.variety.HTTP request splitting\n\u2022action.malware.vector.Email attachment\n\u2022action.malware.variety.Client-side attack\n\u2022action.hacking.variety.Buffer overflow\n\u2022action.hacking.variety.HTTP response smuggling", "metadata": []}, {"techniqueID": "T1102.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1602.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1584.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1008", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1014", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.malware.variety.Rootkit\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.vector.Email attachment\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1090", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1102", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1104", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1132", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1583.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1205", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1211", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1068", "score": 8, "comment": " Related to: \n \u2022action.hacking.variety.Integer overflows\n\u2022action.malware.variety.Exploit misconfig\n\u2022action.hacking.variety.Fuzz testing\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Format string attack\n\u2022action.hacking.variety.Insecure deserialization\n\u2022action.hacking.variety.Exploit vuln\n\u2022action.hacking.variety.LDAP injection", "metadata": []}, {"techniqueID": "T1190", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.SQLi", "metadata": []}, {"techniqueID": "T1212", "score": 7, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.vector.Web application - drive-by\n\u2022action.hacking.variety.Session fixation\n\u2022action.malware.variety.Password dumper\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1505.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1569", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1007", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host\n\u2022action.malware.variety.Packet sniffer\n\u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1033", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1057", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1069", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1136.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1082", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1083", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1087", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1573.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1119", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1120", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1124", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1201", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1018", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1046", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1049", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1135", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1134", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1021", "score": 3, "comment": " Related to: \n \u2022action.malware.vector.Network propagation\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1027.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1029", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1547.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1598.003", "score": 5, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.hacking.vector.Command shell\n\u2022action.social.variety.Pretexting\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1560.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Export data\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1583.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Forced browsing\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1011.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1550.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.Session replay", "metadata": []}, {"techniqueID": "T1601.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1569.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.vector.Direct install", "metadata": []}, {"techniqueID": "T1654", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1548", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1041", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1558.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.XML external entities", "metadata": []}, {"techniqueID": "T1010", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.XPath injection", "metadata": []}, {"techniqueID": "T1552.008", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Command shell\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1546.013", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Command shell\n\u2022action.malware.vector.Email attachment\n\u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1584.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1095", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1195", "score": 3, "comment": " Related to: \n \u2022action.malware.vector.Software update\n\u2022action.malware.vector.Partner\n\u2022action.hacking.vector.Partner", "metadata": []}, {"techniqueID": "T1499.003", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022action.hacking.vector.Partner\n\u2022action.social.vector.Software\n\u2022attribute.availability.variety.Degradation\n\u2022attribute.availability.variety.Loss", "metadata": []}, {"techniqueID": "T1589.001", "score": 3, "comment": " Related to: \n \u2022action.social.vector.Software\n\u2022action.hacking.variety.Scan network\n\u2022action.hacking.vector.Partner", "metadata": []}, {"techniqueID": "T1499.002", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022action.hacking.vector.Partner\n\u2022attribute.availability.variety.Degradation\n\u2022action.social.vector.Partner\n\u2022attribute.availability.variety.Loss", "metadata": []}, {"techniqueID": "T1199", "score": 4, "comment": " Related to: \n \u2022action.social.vector.Partner\n\u2022action.malware.variety.Adware\n\u2022action.malware.vector.Partner\n\u2022action.hacking.vector.Partner", "metadata": []}, {"techniqueID": "T1200", "score": 1, "comment": " Related to: \n \u2022action.hacking.vector.Physical access", "metadata": []}, {"techniqueID": "T1090.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.vector.Web application\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1584.007", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1055.014", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1561", "score": 5, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.C2\n\u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1566.003", "score": 3, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.malware.variety.C2\n\u2022action.social.vector.Email", "metadata": []}, {"techniqueID": "T1110.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1070.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1578.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1036.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1546.014", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1485", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Destruction\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1056", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1596.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1547.006", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1546.017", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Spyware/Keylogger\n\u2022action.malware.variety.Capture app data\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1113", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114", "score": 5, "comment": " Related to: \n \u2022action.malware.variety.RAM scraper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Capture app data\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1110.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1556.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1546.009", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1123", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1125", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.malware.variety.Capture app data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1176", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - drive-by\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1587", "score": 5, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022value_chain.development.variety.Unknown\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1558.003", "score": 5, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1565.002", "score": 3, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data\n\u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1025", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1039", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1542.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1092", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Removable media\n\u2022action.malware.variety.Destroy data", "metadata": []}, {"techniqueID": "T1566.002", "score": 7, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Destroy data\n\u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges\n\u2022action.malware.vector.Email link\n\u2022action.social.vector.Web application", "metadata": []}, {"techniqueID": "T1600.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1496.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.Click fraud and cryptocurrency mining\n\u2022action.malware.variety.Cryptocurrency mining", "metadata": []}, {"techniqueID": "T1006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1563", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.vector.Network propagation\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1499", "score": 7, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022action.malware.variety.Disable controls\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.XML external entities\n\u2022action.hacking.variety.Soap array abuse\n\u2022attribute.availability.variety.Loss", "metadata": []}, {"techniqueID": "T1505.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.007", "score": 4, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.hacking.variety.Disable controls\n\u2022action.social.variety.Forgery\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1195.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Rootkit\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1568", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.C2\n\u2022action.malware.vector.Download by malware\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1074.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1622", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1559.002", "score": 6, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Downloader\n\u2022action.social.vector.Social media\n\u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.vector.Email attachment", "metadata": []}, {"techniqueID": "T1027.005", "score": 6, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Downloader\n\u2022action.social.variety.Pretexting\n\u2022action.social.vector.Social media\n\u2022action.malware.variety.Trojan", "metadata": []}, {"techniqueID": "T1011", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1021.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1020", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1055.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1030", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1070", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1552.006", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1213.005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1052", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1588.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1074", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1218.013", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1574.014", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1197", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1115", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1055", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1612", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1560.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1036.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1538", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1548.006", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": null, "score": 52, "comment": " Related to: \n \u2022Attribute.Integrity.Variety.Hardware tampering\n\u2022Action.Malware.Vector.Unknown\n\u2022Attribute.Integrity.Variety.Fraudulent transaction\n\u2022Action.Hacking.Variety.Reverse engineering\n\u2022Action.Social.Vector.IM\n\u2022Action.Social.Variety.Unknown\n\u2022Action.Social.Vector.In-person\n\u2022Action.Malware.Vector.Email unknown\n\u2022Action.Social.Variety.Baiting\n\u2022Action.Social.Variety.Elicitation\n\u2022Action.Hacking.Variety.CSRF\n\u2022Action.Hacking.Variety.Special element injection\n\u2022Action.Social.Variety.Bribery\n\u2022Action.Social.Variety.Extortion\n\u2022Action.Social.Variety.Prompt Bombing\n\u2022Action.Social.Variety.Scam\n\u2022Action.Social.Variety.Propaganda\n\u2022Attribute.Availability.Variety.Other\n\u2022Action.Hacking.Variety.SSI injection\n\u2022Action.Social.Variety.Spam\n\u2022Value_chain.development.variety.Physical\n\u2022Action.Hacking.Variety.Mail command injection\n\u2022Action.Malware.Vector.Other\n\u2022Action.Hacking.Variety.XSS\n\u2022Action.Hacking.Variety.Soap array abuse\n\u2022Action.Malware.Vector.Email autoexecute\n\u2022Action.Malware.Variety.Other\n\u2022Action.Social.Variety.Influence\n\u2022Action.Social.Vector.Other\n\u2022Action.Malware.Vector.Email other\n\u2022Action.Hacking.Variety.URL redirector abuse\n\u2022Action.Hacking.Variety.XQuery injection\n\u2022Action.Social.Variety.Other\n\u2022Action.Hacking.Variety.XML entity expansion\n\u2022Action.Hacking.Variety.XML attribute blowup\n\u2022Value_chain.development.variety.NA\n\u2022Attribute.Integrity.Variety.Other\n\u2022Action.Social.Vector.Unknown\n\u2022Action.Social.Vector.SMS\n\u2022Action.Malware.Variety.Spam\n\u2022Action.Social.Vector.Documents\n\u2022Action.Hacking.Vector.Unknown\n\u2022Attribute.Availability.Variety.Acceleration\n\u2022Value_chain.development.variety.Email\n\u2022action.malware.variety.In-memory\n\u2022Action.Hacking.Variety.RFI\n\u2022Action.Hacking.Vector.Other\n\u2022Attribute.Availability.Variety.Unknown\n\u2022Action.Social.Vector.Phone\n\u2022Action.Hacking.Variety.User breakout\n\u2022Action.Hacking.Variety.Path traversal\n\u2022Action.Hacking.Variety.Other", "metadata": []}, {"techniqueID": "T1585.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022value_chain.development.variety.Persona\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1546.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1222", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.RAM scraper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1547", "score": 9, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.RAM scraper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Modify configuration\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1598.004", "score": 5, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.malware.variety.RAM scraper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1016", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1496.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1140", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1091", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Worm\n\u2022action.malware.vector.Removable media\n\u2022action.social.vector.Removable media", "metadata": []}, {"techniqueID": "T1189", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - drive-by\n\u2022action.social.vector.Web application", "metadata": []}, {"techniqueID": "T1003.008", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1020.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1040", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1052.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.004", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.003", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1136", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1136.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1136.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1070.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Log tampering", "metadata": []}, {"techniqueID": "T1070.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Log tampering", "metadata": []}, {"techniqueID": "T1037.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1098.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1218.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1205.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1218.012", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1207", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1218.014", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.015", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1219", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Adminware\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1220", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1213", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.004", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1480", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1480.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1480.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1489", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1496", "score": 5, "comment": " Related to: \n \u2022attribute.availability.variety.Degradation\n\u2022action.malware.variety.Click fraud and cryptocurrency mining\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Click fraud\n\u2022action.malware.variety.Cryptocurrency mining", "metadata": []}, {"techniqueID": "T1496.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1496.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1497", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Hypervisor\n\u2022action.hacking.vector.Inter-tenant\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1498", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation", "metadata": []}, {"techniqueID": "T1498.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation", "metadata": []}, {"techniqueID": "T1498.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation", "metadata": []}, {"techniqueID": "T1499.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation", "metadata": []}, {"techniqueID": "T1221", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Client-side attack", "metadata": []}, {"techniqueID": "T1222.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1499.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation", "metadata": []}, {"techniqueID": "T1505.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1505.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1482", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1484", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1484.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1484.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1485.001", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Destruction\n\u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1486", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Obscuration\n\u2022attribute.availability.variety.Interruption\n\u2022action.malware.variety.Ransomware", "metadata": []}, {"techniqueID": "T1518", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1490", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Ransomware\n\u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1491", "score": 2, "comment": " Related to: \n \u2022attribute.availability.variety.Obscuration\n\u2022attribute.integrity.variety.Defacement", "metadata": []}, {"techniqueID": "T1491.001", "score": 2, "comment": " Related to: \n \u2022attribute.availability.variety.Obscuration\n\u2022attribute.integrity.variety.Defacement", "metadata": []}, {"techniqueID": "T1491.002", "score": 2, "comment": " Related to: \n \u2022attribute.availability.variety.Obscuration\n\u2022attribute.integrity.variety.Defacement", "metadata": []}, {"techniqueID": "T1495", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1518.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1525", "score": 6, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.RAT\n\u2022action.malware.variety.Unknown\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1526", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1529", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1539", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Forced browsing\n\u2022action.hacking.variety.AiTM\n\u2022action.malware.variety.Capture app data\n\u2022action.hacking.variety.Session replay", "metadata": []}, {"techniqueID": "T1497.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1497.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1497.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1543", "score": 7, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Rootkit\n\u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Backdoor\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1543.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.003", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.RAT", "metadata": []}, {"techniqueID": "T1543.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1505", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1546", "score": 6, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor\n\u2022action.hacking.variety.XML injection\n\u2022attribute.integrity.variety.Alter behavior\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1505.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1528", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1548.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1530", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1548.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.malware.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1534", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022attribute.integrity.variety.Misrepresentation", "metadata": []}, {"techniqueID": "T1535", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Repurpose", "metadata": []}, {"techniqueID": "T1537", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1548.003", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Client-side attack\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1542", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1548.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1548.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1550", "score": 3, "comment": " Related to: \n \u2022action.malware.vector.Network propagation\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Pass-the-hash", "metadata": []}, {"techniqueID": "T1550.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1550.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Pass-the-hash\n\u2022action.hacking.variety.Pass-the-hash\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1550.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1546.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.006", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.007", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.008", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.010", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.011", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.012", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.015", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.016", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1547.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.007", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.008", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.009", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.010", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.012", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.013", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.014", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1553", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1554", "score": 6, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Trojan\n\u2022action.malware.variety.Adminware\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1556", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Backdoor\n\u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges\n\u2022action.hacking.variety.Backdoor", "metadata": []}, {"techniqueID": "T1557", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.AiTM\n\u2022action.malware.variety.AiTM\n\u2022action.hacking.variety.Routing detour\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1557.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.AiTM\n\u2022action.malware.variety.AiTM", "metadata": []}, {"techniqueID": "T1557.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.AiTM\n\u2022action.hacking.variety.Cache poisoning\n\u2022action.malware.variety.AiTM", "metadata": []}, {"techniqueID": "T1558", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1558.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1552", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1552.001", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.002", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.004", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.005", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.007", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1553.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1558.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.malware.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1555", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.001", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.002", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.RAM scraper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.004", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.005", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.006", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1558.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1559", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1556.001", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1556.003", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1556.004", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1559.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1562", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Modify data\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1562.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1557.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.AiTM", "metadata": []}, {"techniqueID": "T1562.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.008", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.011", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1562.012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1563.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.vector.Network propagation\n\u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1560", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1560.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1561.001", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.Destroy data", "metadata": []}, {"techniqueID": "T1561.002", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1564", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1562.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1564.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.003", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.005", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.006", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.007", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Trojan\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1565", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data", "metadata": []}, {"techniqueID": "T1565.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data", "metadata": []}, {"techniqueID": "T1566", "score": 3, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.vector.Instant messaging", "metadata": []}, {"techniqueID": "T1566.001", "score": 4, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.malware.vector.Email\n\u2022action.malware.vector.Email attachment\n\u2022action.social.vector.Email", "metadata": []}, {"techniqueID": "T1566.004", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1567", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.004", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1568.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1568.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1568.003", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1569.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1571", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1572", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1570", "score": 1, "comment": " Related to: \n \u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1573", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1573.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1574", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.XML injection", "metadata": []}, {"techniqueID": "T1574.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1574.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1574.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1574.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1574.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1574.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1578", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.vector.Hypervisor\n\u2022action.hacking.vector.Inter-tenant", "metadata": []}, {"techniqueID": "T1574.012", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1578.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1580", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1583", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - download\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1583.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1583.002", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1583.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Forced browsing\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1583.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.DoS\n\u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Bot", "metadata": []}, {"techniqueID": "T1583.006", "score": 5, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Forced browsing\n\u2022value_chain.development.variety.Website\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1584", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - download\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.001", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1585", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022value_chain.development.variety.Persona", "metadata": []}, {"techniqueID": "T1585.002", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022value_chain.development.variety.Persona", "metadata": []}, {"techniqueID": "T1586", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1586.001", "score": 3, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1586.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1587.001", "score": 6, "comment": " Related to: \n \u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Bot\n\u2022value_chain.development.variety.Trojan\n\u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Payload\n\u2022value_chain.development.variety.Ransomware", "metadata": []}, {"techniqueID": "T1587.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1587.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1587.004", "score": 4, "comment": " Related to: \n \u2022value_chain.development.variety.Exploit\n\u2022value_chain.development.variety.Exploit Kits\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1588", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.001", "score": 6, "comment": " Related to: \n \u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Bot\n\u2022value_chain.development.variety.Trojan\n\u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Payload\n\u2022value_chain.development.variety.Ransomware", "metadata": []}, {"techniqueID": "T1588.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1588.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1588.005", "score": 4, "comment": " Related to: \n \u2022value_chain.development.variety.Exploit\n\u2022value_chain.development.variety.Exploit Kits\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.006", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1589", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1589.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1589.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1595", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1595.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1595.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Scan network\n\u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1598", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1598.001", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1598.002", "score": 3, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.malware.vector.Email attachment\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1599", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1599.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1600", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Cryptanalysis\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1600.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1601", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1601.001", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1602", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1602.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1606", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Session prediction\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1606.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Session prediction\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1606.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1608", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1609", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1610", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Unknown\n\u2022action.malware.variety.Downloader", "metadata": []}, {"techniqueID": "T1611", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Virtual machine escape", "metadata": []}, {"techniqueID": "T1613", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1614", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1614.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1584.008", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Partner\n\u2022action.hacking.vector.Partner", "metadata": []}, {"techniqueID": "T1659", "score": 1, "comment": " Related to: \n \u2022action.malware.vector.remote injection", "metadata": []}, {"techniqueID": "T1556.008", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1556.009", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1564.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses\n\u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1651", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1652", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1653", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1665", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1666", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 52}}