| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564 |
Hide Artifacts |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.001 |
Hide Artifacts: Hidden Files and Directories |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.002 |
Hide Artifacts: Hidden Users |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.003 |
Hide Artifacts: Hidden Window |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.004 |
Hide Artifacts: NTFS File Attributes |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.005 |
Hide Artifacts: Hidden File System |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.006 |
Hide Artifacts: Run Virtual Instance |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1564.007 |
Hide Artifacts: VBA Stomping |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1562 |
Impair Defenses |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1622 |
Debugger Evasion |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1211 |
Exploitation for Defense Evasion |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1036 |
Masquerading |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1014 |
Rootkit |
| action.social.variety.Evade Defenses |
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. |
related-to |
T1553 |
Subvert Trust Controls |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1586.001 |
Compromise Account: Social Media Accounts |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1586.001 |
Compromise Account: Social Media Accounts |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1584.001 |
Compromise Infrastructure: Domains |
| action.social.vector.Partner |
Partner connection or credential. (Indicates supply chain breach.) |
related-to |
T1199 |
Trusted Relationship |
| action.social.vector.Software |
Software |
related-to |
T1195.001 |
Supply Chain Compromise: Compromise Software Dependencies and Development Tools |
| action.social.vector.Software |
Software |
related-to |
T1195.002 |
Supply Chain Compromise: Compromise Software Supply Chain |
| action.social.vector.Partner |
Partner connection or credential. (Indicates supply chain breach.) |
related-to |
T1195.003 |
Supply Chain Compromise: Compromise Hardware Supply Chain |
| action.social.variety.Forgery |
Forgery or counterfeiting (fake hardware, software, documents, etc) |
related-to |
T1036.002 |
Masquerading: Right-to-Left Override |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1036.002 |
Masquerading: Right-to-Left Override |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1204 |
User Execution |
| action.social.vector.Email |
Email |
related-to |
T1204 |
User Execution |
| action.social.vector.Social media |
Social media or networking |
related-to |
T1204 |
User Execution |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1204.001 |
User Execution: Malicious Link |
| action.social.vector.Email |
Email |
related-to |
T1204.001 |
User Execution: Malicious Link |
| action.social.vector.Social media |
Social media or networking |
related-to |
T1204.001 |
User Execution: Malicious Link |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1204.002 |
User Execution: Malicious File |
| action.social.vector.Email |
Email |
related-to |
T1204.002 |
User Execution: Malicious File |
| action.social.vector.Social media |
Social media or networking |
related-to |
T1204.002 |
User Execution: Malicious File |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1204.003 |
User Execution: Malicious Image |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1204.003 |
User Execution: Malicious Image |
| action.social.vector.Email |
Email |
related-to |
T1204.003 |
User Execution: Malicious Image |
| action.social.vector.Social media |
Social media or networking |
related-to |
T1204.003 |
User Execution: Malicious Image |
| action.social.vector.Removable media |
Removable storage media |
related-to |
T1091 |
Replication Through Removable Media |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1566.001 |
Phishing: Spearphishing Attachment |
| action.social.vector.Email |
Email |
related-to |
T1566.001 |
Phishing: Spearphishing Attachment |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1598.002 |
Phishing for Information: Spearphishing Attachment |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1598.002 |
Phishing for Information: Spearphishing Attachment |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1598.003 |
Phishing for Information: Spearphishing Link |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1598.003 |
Phishing for Information: Spearphishing Link |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1566 |
Phishing |
| action.social.vector.Email |
Email |
related-to |
T1566 |
Phishing |
| action.social.vector.Web application |
Web application |
related-to |
T1189 |
Drive-by Compromise |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1566.002 |
Phishing: Spearphishing Link |
| action.social.vector.Email |
Email |
related-to |
T1566.002 |
Phishing: Spearphishing Link |
| action.social.vector.Web application |
Web application |
related-to |
T1566.002 |
Phishing: Spearphishing Link |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1566.003 |
Phishing: Spearphishing via Service |
| action.social.vector.Email |
Email |
related-to |
T1566.003 |
Phishing: Spearphishing via Service |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1598 |
Phishing for Information |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1598 |
Phishing for Information |
| action.social.variety.Phishing |
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. |
related-to |
T1598.001 |
Phishing for Information: Spearphishing Service |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1598.001 |
Phishing for Information: Spearphishing Service |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1534 |
Internal Spearphishing |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1585 |
Establish Accounts |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1585.001 |
Establish Accounts: Social Media Accounts |
| action.social.variety.Pretexting |
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data. |
related-to |
T1585.002 |
Establish Accounts: Email Account |
