{"name": "veris overview", "versions": {"navigator": "4.8.0", "layer": "4.4", "attack": "19.1"}, "sorting": 3, "description": "veris heatmap overview of veris mappings, scores are the number of associated entries", "domain": "enterprise-attack", "techniques": [{"techniqueID": "T1036.008", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.009", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.010", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036", "score": 5, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.vector.Email attachment\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.004", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.015", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1080", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Worm\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1059", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1677", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1489", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Interruption\n\u2022action.malware.variety.DoS\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1687", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Exploit vuln", "metadata": []}, {"techniqueID": "T1685.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1685.005", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Log tampering\n\u2022action.hacking.variety.Disable controls", "metadata": [{"divider": true}, {"name": "control", "value": "attribute.integrity.variety.Log tampering"}, {"name": "comment", "value": "see T1685.005 Disable or Modify Tools: Clear Windows Event Logs"}]}, {"techniqueID": "T1684", "score": 7, "comment": " Related to: \n \u2022Action.Social.Variety.Baiting\n\u2022Action.Social.Variety.Extortion\n\u2022action.social.variety.Evade Defenses\n\u2022Action.Social.Variety.Bribery\n\u2022action.social.vector.Virtual meeting\n\u2022Action.Social.Variety.Unknown\n\u2022Action.Social.Variety.Elicitation", "metadata": []}, {"techniqueID": "T1684.001", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1673", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1678", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1679", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1027.011", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Other\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1680", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": null, "score": 15, "comment": " Related to: \n \u2022Action.Hacking.Vector.Unknown\n\u2022Action.Malware.Variety.Other\n\u2022Action.Malware.Vector.Email other\n\u2022Value_chain.development.variety.NA\n\u2022Action.Social.Variety.Influence\n\u2022Action.Malware.Vector.Unknown\n\u2022Attribute.Availability.Variety.Unknown\n\u2022action.hacking.variety.Prompt injection\n\u2022Action.Social.Variety.Other\n\u2022Action.Social.Vector.In-person\n\u2022Action.Social.Vector.Other\n\u2022Attribute.Availability.Variety.Other\n\u2022Action.Social.Vector.Unknown\n\u2022Attribute.Integrity.Variety.Other\n\u2022Action.Malware.Vector.Email unknown", "metadata": []}, {"techniqueID": "T1564.014", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1675", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.vector.Hypervisor\n\u2022action.hacking.vector.Inter-tenant", "metadata": []}, {"techniqueID": "T1667", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.DoS", "metadata": []}, {"techniqueID": "T1569", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1564.013", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1518.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1505.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1200", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Physical access\n\u2022Attribute.Integrity.Variety.Hardware tampering\n\u2022Value_chain.development.variety.Physical", "metadata": []}, {"techniqueID": "T1219", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Adminware\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1213", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1204.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1204.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1176.001", "score": 1, "comment": " Related to: \n \u2022Action.Malware.Vector.Other", "metadata": []}, {"techniqueID": "T1127.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1059.012", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.009", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1684.002", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.018", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1036.011", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.017", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Null byte injection\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1190", "score": 11, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig\n\u2022Action.Hacking.Variety.XQuery injection\n\u2022Action.Hacking.Variety.Reverse engineering\n\u2022Action.Hacking.Variety.URL redirector abuse\n\u2022Action.Hacking.Variety.SSI injection\n\u2022Action.Hacking.Variety.XSS\n\u2022action.hacking.variety.SQLi\n\u2022Action.Hacking.Variety.Soap array abuse\n\u2022Action.Hacking.Variety.RFI\n\u2022Action.Hacking.Variety.Path traversal\n\u2022Action.Hacking.Variety.Special element injection", "metadata": []}, {"techniqueID": "T1210", "score": 1, "comment": " Related to: \n \u2022Action.Hacking.Variety.Soap array abuse", "metadata": []}, {"techniqueID": "T1071.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Command shell\n\u2022Action.Hacking.Variety.Soap array abuse\n\u2022action.hacking.variety.Other\n\u2022action.malware.vector.Email attachment", "metadata": []}, {"techniqueID": "T1203", "score": 13, "comment": " Related to: \n \u2022action.malware.variety.Client-side attack\n\u2022Action.Hacking.Variety.Reverse engineering\n\u2022action.hacking.variety.HTTP request splitting\n\u2022action.hacking.variety.HTTP request smuggling\n\u2022Action.Social.Vector.Documents\n\u2022Action.Hacking.Variety.CSRF\n\u2022action.hacking.variety.Buffer overflow\n\u2022action.hacking.variety.HTTP response splitting\n\u2022action.malware.vector.Email attachment\n\u2022Action.Social.Vector.IM\n\u2022Action.Social.Variety.Scam\n\u2022Action.Malware.Vector.Email autoexecute\n\u2022action.hacking.variety.HTTP response smuggling", "metadata": []}, {"techniqueID": "T1683.001", "score": 1, "comment": " Related to: \n \u2022Value_chain.development.variety.Email", "metadata": []}, {"techniqueID": "T1498", "score": 5, "comment": " Related to: \n \u2022Attribute.Availability.Variety.Acceleration\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1566.001", "score": 5, "comment": " Related to: \n \u2022Action.Hacking.Variety.Mail command injection\n\u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.vector.Email attachment\n\u2022action.malware.vector.Email", "metadata": []}, {"techniqueID": "T1566.002", "score": 8, "comment": " Related to: \n \u2022Action.Hacking.Variety.Mail command injection\n\u2022action.social.variety.Phishing\n\u2022action.malware.variety.Destroy data\n\u2022action.social.vector.Email\n\u2022attribute.integrity.variety.Modify privileges\n\u2022action.social.vector.Web application\n\u2022attribute.integrity.variety.Modify configuration\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1068", "score": 9, "comment": " Related to: \n \u2022action.hacking.variety.LDAP injection\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Format string attack\n\u2022action.hacking.variety.Fuzz testing\n\u2022action.hacking.variety.Integer overflows\n\u2022action.hacking.variety.Exploit vuln\n\u2022Action.Hacking.Variety.User breakout\n\u2022action.malware.variety.Exploit misconfig\n\u2022action.hacking.variety.Insecure deserialization", "metadata": []}, {"techniqueID": "T1499", "score": 10, "comment": " Related to: \n \u2022Attribute.Availability.Variety.Acceleration\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022Action.Hacking.Variety.XML attribute blowup\n\u2022action.hacking.variety.Soap array abuse\n\u2022action.hacking.variety.XML external entities\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.DoS\n\u2022Action.Hacking.Variety.XML entity expansion", "metadata": []}, {"techniqueID": "T1669", "score": 1, "comment": " Related to: \n \u2022Action.Hacking.Vector.Other", "metadata": []}, {"techniqueID": "T1566", "score": 7, "comment": " Related to: \n \u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.vector.Instant messaging\n\u2022Action.Social.Variety.Spam\n\u2022Action.Social.Variety.Propaganda\n\u2022Action.Malware.Variety.Spam\n\u2022Action.Social.Vector.SMS", "metadata": []}, {"techniqueID": "T1176.002", "score": 1, "comment": " Related to: \n \u2022Action.Malware.Vector.Other", "metadata": []}, {"techniqueID": "T1204", "score": 6, "comment": " Related to: \n \u2022Action.Social.Variety.Baiting\n\u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.social.vector.Social media\n\u2022action.malware.variety.Other\n\u2022action.malware.variety.Downloader", "metadata": []}, {"techniqueID": "T1621", "score": 1, "comment": " Related to: \n \u2022Action.Social.Variety.Prompt Bombing", "metadata": []}, {"techniqueID": "T1598.004", "score": 6, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.social.variety.Phishing\n\u2022Action.Social.Vector.Phone\n\u2022action.malware.variety.RAM scraper\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1657", "score": 1, "comment": " Related to: \n \u2022Attribute.Integrity.Variety.Fraudulent transaction", "metadata": []}, {"techniqueID": "T1195.003", "score": 1, "comment": " Related to: \n \u2022Attribute.Integrity.Variety.Hardware tampering", "metadata": []}, {"techniqueID": "T1587.001", "score": 7, "comment": " Related to: \n \u2022value_chain.development.variety.Payload\n\u2022value_chain.development.variety.Ransomware\n\u2022value_chain.development.variety.Trojan\n\u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Bot\n\u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1674", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1001.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1001.002", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Other\n\u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.malware.variety.Downloader\n\u2022action.social.vector.Social media\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1001.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.hacking.variety.Other\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1071.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1071.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1105", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Other\n\u2022action.hacking.vector.Other network service", "metadata": []}, {"techniqueID": "T1204.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1204.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1204.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Other", "metadata": []}, {"techniqueID": "T1671", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1027.012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.013", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1059.013", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.010", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1059.011", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1127.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1098.006", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1027.016", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.010", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1027.014", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1070.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1132.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1021.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1021.008", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1134.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1071.005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1016.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1111", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Spyware/Keylogger\n\u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.AiTM", "metadata": []}, {"techniqueID": "T1047", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.vector.Direct install\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1053", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Backdoor\n\u2022action.hacking.vector.Backdoor", "metadata": []}, {"techniqueID": "T1053.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1053.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1053.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1053.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1053.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1059.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1059.008", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1072", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.vector.Software update\n\u2022action.malware.variety.Export data\n\u2022action.malware.variety.Adminware", "metadata": []}, {"techniqueID": "T1106", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1112", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1127", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1127.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1129", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1137.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1187", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.hacking.variety.AiTM", "metadata": []}, {"techniqueID": "T1202", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1216", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1216.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1216.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Destroy data", "metadata": []}, {"techniqueID": "T1218.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.007", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.008", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.009", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1185", "score": 8, "comment": " Related to: \n \u2022action.hacking.variety.Session fixation\n\u2022action.hacking.variety.HTTP request splitting\n\u2022action.hacking.variety.HTTP request smuggling\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.HTTP response splitting\n\u2022action.hacking.variety.AiTM\n\u2022action.malware.variety.Capture app data\n\u2022action.hacking.variety.HTTP response smuggling", "metadata": []}, {"techniqueID": "T1037", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1078", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.hacking.vector.Backdoor\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1098", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022attribute.integrity.variety.Modify privileges\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1133", "score": 9, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.malware.vector.Remote injection\n\u2022action.hacking.vector.3rd party desktop\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Backdoor\n\u2022action.hacking.vector.VPN\n\u2022action.hacking.vector.Desktop sharing software\n\u2022action.malware.vector.Web application\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1563.002", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Backdoor\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Modify data\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1110", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1222.002", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1565.001", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Brute force\n\u2022attribute.integrity.variety.Modify data\n\u2022action.hacking.variety.Brute force\n\u2022action.hacking.variety.Offline cracking", "metadata": []}, {"techniqueID": "T1021.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Brute force\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1102.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1602.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1584.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1008", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1036.012", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1090", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1102", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1104", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1132", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1583.007", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1205", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1211", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1212", "score": 7, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig\n\u2022action.malware.variety.Password dumper\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.hacking.variety.Session fixation\n\u2022action.hacking.variety.Exploit vuln\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.vector.Web application - drive-by", "metadata": []}, {"techniqueID": "T1690", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.OS commanding\n\u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1505.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.OS commanding\n\u2022action.hacking.vector.Command shell", "metadata": []}, {"techniqueID": "T1007", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.malware.variety.Profile host\n\u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Scan network\n\u2022action.malware.variety.Packet sniffer", "metadata": []}, {"techniqueID": "T1012", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1033", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1057", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1069", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1136.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1082", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1083", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Profile host", "metadata": []}, {"techniqueID": "T1087", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1573.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1119", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1120", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1124", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1201", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1018", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1046", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1049", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1135", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1134", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1021", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.C2\n\u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1027.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1029", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1547.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1598.003", "score": 5, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022action.social.variety.Phishing\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.vector.Email link", "metadata": []}, {"techniqueID": "T1560.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Export data\n\u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1583.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.Forced browsing", "metadata": []}, {"techniqueID": "T1011.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1550.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.Session replay", "metadata": []}, {"techniqueID": "T1601.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1569.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.vector.Direct install", "metadata": []}, {"techniqueID": "T1654", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1548", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1041", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1558.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.hacking.variety.XML external entities", "metadata": []}, {"techniqueID": "T1010", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.XPath injection", "metadata": []}, {"techniqueID": "T1552.008", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Command shell\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1546.013", "score": 3, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022action.hacking.vector.Command shell\n\u2022action.malware.vector.Email attachment", "metadata": []}, {"techniqueID": "T1584.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.vector.Command shell\n\u2022action.hacking.variety.DoS", "metadata": []}, {"techniqueID": "T1095", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1195", "score": 3, "comment": " Related to: \n \u2022action.malware.vector.Software update\n\u2022action.hacking.vector.Partner\n\u2022action.malware.vector.Partner", "metadata": []}, {"techniqueID": "T1499.003", "score": 6, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.hacking.vector.Partner\n\u2022action.social.vector.Software\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1589.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022action.hacking.vector.Partner\n\u2022action.social.vector.Software", "metadata": []}, {"techniqueID": "T1499.002", "score": 6, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.social.vector.Partner\n\u2022action.hacking.vector.Partner\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1199", "score": 4, "comment": " Related to: \n \u2022action.malware.vector.Partner\n\u2022action.hacking.vector.Partner\n\u2022action.malware.variety.Adware\n\u2022action.social.vector.Partner", "metadata": []}, {"techniqueID": "T1219.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.vector.Physical access", "metadata": []}, {"techniqueID": "T1090.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022action.hacking.vector.Web application", "metadata": []}, {"techniqueID": "T1584.007", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1055.014", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1561", "score": 5, "comment": " Related to: \n \u2022attribute.availability.variety.Interruption\n\u2022attribute.availability.variety.Destruction\n\u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1566.003", "score": 3, "comment": " Related to: \n \u2022action.social.vector.Email\n\u2022action.malware.variety.C2\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1070.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1578.005", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1546.014", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1485", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption\n\u2022action.malware.variety.C2\n\u2022attribute.availability.variety.Destruction", "metadata": []}, {"techniqueID": "T1056", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1596.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1547.006", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1546.017", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Spyware/Keylogger\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1113", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1114", "score": 5, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Capture app data\n\u2022action.malware.variety.RAM scraper", "metadata": []}, {"techniqueID": "T1110.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1556.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1546.009", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1123", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1125", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1176", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - drive-by\n\u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1587", "score": 5, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022value_chain.development.variety.Unknown\n\u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1558.003", "score": 5, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1565.002", "score": 3, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data\n\u2022action.malware.variety.Capture stored data\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1025", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1039", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1542.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1092", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.vector.Removable media", "metadata": []}, {"techniqueID": "T1600.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1496.001", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Cryptocurrency mining\n\u2022action.malware.variety.Click fraud and cryptocurrency mining", "metadata": []}, {"techniqueID": "T1006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1563", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1505.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1195.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1568", "score": 6, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.vector.Download by malware\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1074.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1622", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1559.002", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.social.vector.Social media\n\u2022action.malware.vector.Email attachment\n\u2022action.malware.variety.Downloader", "metadata": []}, {"techniqueID": "T1027.005", "score": 6, "comment": " Related to: \n \u2022action.malware.variety.Trojan\n\u2022action.social.variety.Phishing\n\u2022action.social.vector.Email\n\u2022action.social.vector.Social media\n\u2022action.social.variety.Pretexting\n\u2022action.malware.variety.Downloader", "metadata": []}, {"techniqueID": "T1014", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Rootkit\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1011", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1021.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1020", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1055.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1030", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1070", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1552.006", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1213.005", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1052", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1074", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1218.013", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1574.014", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1197", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1115", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1055", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1612", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1560.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1538", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.In-memory", "metadata": []}, {"techniqueID": "T1548.006", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1585.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022action.social.variety.Pretexting\n\u2022value_chain.development.variety.Persona", "metadata": []}, {"techniqueID": "T1546.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.In-memory\n\u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1222", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.RAM scraper", "metadata": []}, {"techniqueID": "T1547", "score": 9, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Backdoor\n\u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.vector.Backdoor\n\u2022attribute.integrity.variety.Modify configuration\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.RAM scraper", "metadata": []}, {"techniqueID": "T1016", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1496.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1140", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1091", "score": 3, "comment": " Related to: \n \u2022action.social.vector.Removable media\n\u2022action.malware.variety.Worm\n\u2022action.malware.vector.Removable media", "metadata": []}, {"techniqueID": "T1189", "score": 2, "comment": " Related to: \n \u2022action.malware.vector.Web application - drive-by\n\u2022action.social.vector.Web application", "metadata": []}, {"techniqueID": "T1686.001", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.social.variety.Forgery\n\u2022action.hacking.variety.Disable controls\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1003.008", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1020.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1040", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1048.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1052.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1056.004", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.001", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.002", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1114.003", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1136", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1136.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1136.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Created account", "metadata": []}, {"techniqueID": "T1685.006", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Log tampering\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1037.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1037.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1098.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1098.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1218.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1205.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1218.012", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1207", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1218.014", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1218.015", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1219.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.vector.Desktop sharing software", "metadata": []}, {"techniqueID": "T1220", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1213.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data", "metadata": []}, {"techniqueID": "T1213.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.003", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1213.004", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1480", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1480.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Profile host\n\u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1480.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1688", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1496", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Hijack\n\u2022attribute.availability.variety.Degradation\n\u2022action.malware.variety.Click fraud and cryptocurrency mining\n\u2022action.malware.variety.Cryptocurrency mining\n\u2022action.malware.variety.Click fraud", "metadata": []}, {"techniqueID": "T1496.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1496.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Hijack", "metadata": []}, {"techniqueID": "T1497", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.vector.Hypervisor\n\u2022action.hacking.vector.Inter-tenant", "metadata": []}, {"techniqueID": "T1498.001", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1498.002", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1219.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Adminware", "metadata": []}, {"techniqueID": "T1499.001", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1221", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Client-side attack", "metadata": []}, {"techniqueID": "T1222.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1499.004", "score": 4, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Degradation\n\u2022action.hacking.variety.DoS\n\u2022action.malware.variety.DoS", "metadata": []}, {"techniqueID": "T1505.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1505.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1482", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1484", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1484.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1484.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1485.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption\n\u2022attribute.availability.variety.Destruction", "metadata": []}, {"techniqueID": "T1486", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Interruption\n\u2022action.malware.variety.Ransomware\n\u2022attribute.availability.variety.Obscuration", "metadata": []}, {"techniqueID": "T1518", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1490", "score": 3, "comment": " Related to: \n \u2022attribute.availability.variety.Loss\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Ransomware", "metadata": []}, {"techniqueID": "T1491", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Defacement\n\u2022attribute.availability.variety.Obscuration", "metadata": []}, {"techniqueID": "T1491.001", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Defacement\n\u2022attribute.availability.variety.Obscuration", "metadata": []}, {"techniqueID": "T1491.002", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Defacement\n\u2022attribute.availability.variety.Obscuration", "metadata": []}, {"techniqueID": "T1495", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption\n\u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss", "metadata": []}, {"techniqueID": "T1518.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1525", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.malware.variety.RAT\n\u2022action.malware.variety.Unknown\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1526", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1529", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.availability.variety.Interruption", "metadata": []}, {"techniqueID": "T1531", "score": 5, "comment": " Related to: \n \u2022attribute.availability.variety.Interruption\n\u2022action.hacking.variety.Brute force\n\u2022action.hacking.variety.Unknown\n\u2022attribute.availability.variety.Destruction\n\u2022action.malware.variety.Brute force", "metadata": []}, {"techniqueID": "T1539", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Capture app data\n\u2022action.hacking.variety.Session replay\n\u2022action.hacking.variety.Forced browsing\n\u2022action.hacking.variety.AiTM", "metadata": []}, {"techniqueID": "T1497.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1497.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1497.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1543", "score": 7, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Backdoor\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Rootkit\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1543.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.003", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.RAT", "metadata": []}, {"techniqueID": "T1543.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1543.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1505", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1546", "score": 6, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior\n\u2022action.hacking.variety.Backdoor\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.XML injection\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1505.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Backdoor\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1528", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Capture app data", "metadata": []}, {"techniqueID": "T1548.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1530", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1548.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Exploit misconfig\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1534", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022attribute.integrity.variety.Misrepresentation", "metadata": []}, {"techniqueID": "T1535", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Repurpose", "metadata": []}, {"techniqueID": "T1537", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1548.003", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Client-side attack\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1542", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1542.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Rootkit", "metadata": []}, {"techniqueID": "T1548.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1548.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1550", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.vector.Network propagation\n\u2022action.malware.variety.Pass-the-hash", "metadata": []}, {"techniqueID": "T1550.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1550.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.Pass-the-hash\n\u2022action.hacking.variety.Pass-the-hash", "metadata": []}, {"techniqueID": "T1550.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1546.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.004", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.006", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.007", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.008", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.010", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.011", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.012", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.015", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Alter behavior", "metadata": []}, {"techniqueID": "T1546.016", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation", "metadata": []}, {"techniqueID": "T1547.001", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.002", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.007", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.008", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.009", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.010", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.012", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.013", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration", "metadata": []}, {"techniqueID": "T1547.014", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1553", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1554", "score": 6, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.malware.variety.Trojan\n\u2022action.hacking.vector.Backdoor\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.Adminware\n\u2022action.malware.variety.Backdoor", "metadata": []}, {"techniqueID": "T1556", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Backdoor\n\u2022action.hacking.vector.Backdoor\n\u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1557", "score": 4, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.AiTM\n\u2022action.hacking.variety.AiTM\n\u2022action.hacking.variety.Routing detour", "metadata": []}, {"techniqueID": "T1557.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.AiTM\n\u2022action.hacking.variety.AiTM", "metadata": []}, {"techniqueID": "T1557.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Cache poisoning\n\u2022action.malware.variety.AiTM\n\u2022action.hacking.variety.AiTM", "metadata": []}, {"techniqueID": "T1558", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1558.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1552", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1552.001", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.002", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.004", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.005", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1552.007", "score": 1, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1553.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1553.006", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1558.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.malware.variety.Exploit misconfig\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1555", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.001", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.002", "score": 3, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper\n\u2022action.malware.variety.RAM scraper", "metadata": []}, {"techniqueID": "T1555.003", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.004", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.005", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1555.006", "score": 2, "comment": " Related to: \n \u2022attribute.confidentiality.data_disclosure\n\u2022action.malware.variety.Password dumper", "metadata": []}, {"techniqueID": "T1559", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1556.001", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1556.003", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1556.004", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1559.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1685", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls\n\u2022action.malware.variety.Modify data\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Disable controls\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1557.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.AiTM", "metadata": []}, {"techniqueID": "T1685.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1685.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1685.004", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1563.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.hacking.variety.Hijack\n\u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1560", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1560.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1561.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Loss\n\u2022attribute.availability.variety.Destruction", "metadata": []}, {"techniqueID": "T1561.002", "score": 4, "comment": " Related to: \n \u2022action.malware.variety.Destroy data\n\u2022attribute.availability.variety.Interruption\n\u2022attribute.availability.variety.Destruction\n\u2022attribute.availability.variety.Loss", "metadata": []}, {"techniqueID": "T1564", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1686", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Disable controls\n\u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1564.002", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.003", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.005", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.006", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Evade Defenses\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1564.007", "score": 5, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality\n\u2022action.malware.variety.Trojan\n\u2022action.social.variety.Evade Defenses\n\u2022action.hacking.variety.Evade Defenses\n\u2022action.malware.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1565", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data", "metadata": []}, {"techniqueID": "T1565.003", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify data", "metadata": []}, {"techniqueID": "T1566.004", "score": 1, "comment": " Related to: \n \u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1567", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.001", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.002", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.003", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1567.004", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Export data\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1568.001", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1568.002", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1568.003", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1569.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1569.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1571", "score": 3, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1572", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1570", "score": 1, "comment": " Related to: \n \u2022action.malware.vector.Network propagation", "metadata": []}, {"techniqueID": "T1573", "score": 4, "comment": " Related to: \n \u2022action.hacking.vector.Other network service\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1573.002", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Backdoor or C2\n\u2022action.malware.variety.C2\n\u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1574", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.XML injection", "metadata": []}, {"techniqueID": "T1574.001", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Exploit vuln\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Exploit misconfig\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1574.004", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Exploit vuln\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1574.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Hijack\n\u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1574.010", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1574.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Exploit misconfig", "metadata": []}, {"techniqueID": "T1668", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1574.012", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1578.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1578.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1580", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1583", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.vector.Web application - download", "metadata": []}, {"techniqueID": "T1583.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1583.002", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2", "metadata": []}, {"techniqueID": "T1583.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Forced browsing", "metadata": []}, {"techniqueID": "T1583.005", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.DoS\n\u2022value_chain.development.variety.Bot", "metadata": []}, {"techniqueID": "T1583.006", "score": 5, "comment": " Related to: \n \u2022value_chain.development.variety.Website\n\u2022action.malware.variety.C2\n\u2022action.malware.variety.Backdoor or C2\n\u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Forced browsing", "metadata": []}, {"techniqueID": "T1584", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.vector.Web application - download", "metadata": []}, {"techniqueID": "T1584.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1584.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1584.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1585", "score": 2, "comment": " Related to: \n \u2022value_chain.development.variety.Persona\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1585.002", "score": 2, "comment": " Related to: \n \u2022value_chain.development.variety.Persona\n\u2022action.social.variety.Pretexting", "metadata": []}, {"techniqueID": "T1586", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1586.001", "score": 3, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds\n\u2022action.social.variety.Pretexting\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1586.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1587.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1587.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1587.004", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Exploit\n\u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Exploit Kits", "metadata": []}, {"techniqueID": "T1588", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.001", "score": 6, "comment": " Related to: \n \u2022value_chain.development.variety.Payload\n\u2022value_chain.development.variety.Ransomware\n\u2022value_chain.development.variety.Trojan\n\u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Bot\n\u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.003", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1588.004", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Other", "metadata": []}, {"techniqueID": "T1588.005", "score": 4, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022value_chain.development.variety.Exploit\n\u2022action.malware.variety.Unknown\n\u2022value_chain.development.variety.Exploit Kits", "metadata": []}, {"techniqueID": "T1588.006", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1588.007", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1589", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1589.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1589.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1590.006", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1592.004", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1595", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1595.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1595.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Exploit vuln\n\u2022action.malware.variety.Scan network", "metadata": []}, {"techniqueID": "T1598", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1598.001", "score": 2, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1598.002", "score": 3, "comment": " Related to: \n \u2022action.social.variety.Pretexting\n\u2022action.malware.vector.Email attachment\n\u2022action.social.variety.Phishing", "metadata": []}, {"techniqueID": "T1599", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1599.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1600", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Cryptanalysis\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1600.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1601", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1601.001", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Software installation\n\u2022action.malware.variety.Disable controls", "metadata": []}, {"techniqueID": "T1602", "score": 3, "comment": " Related to: \n \u2022action.malware.variety.Capture stored data\n\u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1602.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Scan network\n\u2022attribute.confidentiality.data_disclosure", "metadata": []}, {"techniqueID": "T1606", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Session prediction", "metadata": []}, {"techniqueID": "T1606.001", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.hacking.variety.Session prediction", "metadata": []}, {"techniqueID": "T1606.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Unknown", "metadata": []}, {"techniqueID": "T1608", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.001", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.002", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.004", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1608.005", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.Unknown", "metadata": []}, {"techniqueID": "T1609", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1610", "score": 2, "comment": " Related to: \n \u2022action.malware.variety.Unknown\n\u2022action.malware.variety.Downloader", "metadata": []}, {"techniqueID": "T1611", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Virtual machine escape", "metadata": []}, {"techniqueID": "T1613", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Scan network", "metadata": []}, {"techniqueID": "T1614", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1614.001", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1110.003", "score": 1, "comment": " Related to: \n \u2022action.malware.variety.C2", "metadata": []}, {"techniqueID": "T1588.002", "score": 2, "comment": " Related to: \n \u2022action.hacking.variety.Unknown\n\u2022action.malware.variety.Export data", "metadata": []}, {"techniqueID": "T1584.008", "score": 2, "comment": " Related to: \n \u2022action.hacking.vector.Partner\n\u2022action.malware.vector.Partner", "metadata": []}, {"techniqueID": "T1659", "score": 1, "comment": " Related to: \n \u2022action.malware.vector.remote injection", "metadata": []}, {"techniqueID": "T1556.008", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1556.009", "score": 2, "comment": " Related to: \n \u2022attribute.integrity.variety.Modify configuration\n\u2022attribute.integrity.variety.Modify privileges", "metadata": []}, {"techniqueID": "T1558.005", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Use of stolen creds", "metadata": []}, {"techniqueID": "T1564.011", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1651", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1652", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Profile host", "metadata": []}, {"techniqueID": "T1653", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1665", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Abuse of functionality", "metadata": []}, {"techniqueID": "T1666", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Evade Defenses", "metadata": []}, {"techniqueID": "T1686.002", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1686.003", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Disable controls", "metadata": []}, {"techniqueID": "T1689", "score": 1, "comment": " Related to: \n \u2022action.hacking.variety.Other", "metadata": []}, {"techniqueID": "T1098.005", "score": 1, "comment": " Related to: \n \u2022attribute.integrity.variety.Register MFA device", "metadata": []}], "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 15}}