VERIS action.hacking.variety.Abuse of functionality Mappings

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1047 Windows Management Instrumentation
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053 Scheduled Task/Job
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.002 Scheduled Task/Job: At
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.003 Scheduled Task/Job: Cron
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.005 Scheduled Task/Job: Scheduled Task
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.006 Scheduled Task/Job: Systemd Timers
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.007 Scheduled Task/Job: Container Orchestration Job
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059 Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.001 Command and Scripting Interpreter: PowerShell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.002 Command and Scripting Interpreter: AppleScript
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.003 Command and Scripting Interpreter: Windows Command Shell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.004 Command and Scripting Interpreter: Unix Shell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.005 Command and Scripting Interpreter: Visual Basic
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.006 Command and Scripting Interpreter: Python
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.007 Command and Scripting Interpreter: JavaScript
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.008 Command and Scripting Interpreter: Network Device CLI
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1072 Software Deployment Tools
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1106 Native API
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1112 Modify Registry
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1127 Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1127.001 Tursted Developer Utilities Proxy Execution: MSBuild
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1129 Shared Modules
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137 Office Application Startup
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.001 Office Application Startup: Office Template Macros
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.002 Office Application Startup: Office Test
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.003 Office Application Startup: Outlook Forms
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.004 Office Application Startup: Outlook Home Page
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.005 Office Application Startup: Outlook Rules
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1187 Forced Authentication
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1202 Indirect Command Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1216 Signed Script Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1216.001 Signed Script Proxy Execution: PubPrn
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218 Signed Binary Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.001 Signed Binary Proxy Execution: Compiled HTML File
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.002 Signed Binary Proxy Execution: Control Panel
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.003 Signed Binary Proxy Execution: CMSTP
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.004 Signed Binary Proxy Execution: InstallUtil
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.005 Signed Binary Proxy Execution: Mshta
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.007 Signed Binary Proxy Execution: Msiexec
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.008 Signed Binary Proxy Execution: Odbcconf
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.009 Signed Binary Proxy Execution: Regsvcs/Regasm
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.010 Signed Binary Proxy Execution: Regsvr32
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.011 Signed Binary Proxy Execution: Rundll32
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.012 Signed Binary Proxy Execution: Verclsid
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.013 System Binary Proxy Execution: Mavinject
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.014 System Binary Proxy Execution: MMC
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1220 XSL Script Processing
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1505.001 Server Software Component: SQL Stored Procedures
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1505.002 Server Software Component: Transport Agent
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1529 System Shutdown/Reboot
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543 Create or Modify System Process
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.001 Create or Modify System Process: Launch Agent
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.002 Create or Modify System Process: Systemd Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.003 Create or Modify System Process: Windows Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.004 Create or Modify System Process: Launch Daemon
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1547 Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548 Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.001 Abuse Elevation Control Mechanism: Setuid and Setgid
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.003 Abuse Elevation Control Mechanism: Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.004 Abuse Elevation Control Mechanism: Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559 Inter-Process Communication
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559.001 Inter-Process Communication: Component Object Model
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559.002 Inter-Process Communication: Dynamic Data Exchange
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563 Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563.001 Remote Service Session Hijacking: SSH Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563.002 Remote Service Session Hijacking: RDP Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564 Hide Artifacts
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.001 Hide Artifacts: Hidden Files and Directories
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.002 Hide Artifacts: Hidden Users
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.003 Hide Artifacts: Hidden Window
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.004 Hide Artifacts: NTFS File Attributes
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.005 Hide Artifacts: Hidden File System
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.006 Hide Artifacts: Run Virtual Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.007 Hide Artifacts: VBA Stomping
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569 System Services
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569.001 System Services: Launchctl
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569.002 System Services: Service Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578 Modify Cloud Computer Infrastructure
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.001 Modify Cloud Computer Infrastructure: Create Snapshot
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.002 Modify Cloud Computer Infrastructure: Create Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.003 Modify Cloud Computer Infrastructure: Delete Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.004 Modify Cloud Computer Infrastructure: Revert Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1609 Container Administration Command