VERIS action.hacking.variety.Abuse of functionality Mappings

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1027.011 Fileless Storage
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1027.012 LNK Icon Smuggling
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1027.013 Encrypted/Encoded File
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.009 Cloud API
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.010 AutoHotKey & AutoIT
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.011 Lua
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1127.002 ClickOnce
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1047 Windows Management Instrumentation
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053 Scheduled Task/Job
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.002 At
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.003 Cron
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.005 Scheduled Task
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.006 Systemd Timers
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1053.007 Container Orchestration Job
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059 Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.001 PowerShell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.002 AppleScript
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.003 Windows Command Shell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.004 Unix Shell
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.005 Visual Basic
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.006 Python
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.007 JavaScript
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1059.008 Network Device CLI
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1072 Software Deployment Tools
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1105 Ingress Tool Transfer
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1106 Native API
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1112 Modify Registry
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1127 Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1127.001 MSBuild
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1129 Shared Modules
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137 Office Application Startup
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.001 Office Template Macros
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.002 Office Test
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.003 Outlook Forms
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.004 Outlook Home Page
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1137.005 Outlook Rules
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1187 Forced Authentication
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1202 Indirect Command Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1216 System Script Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1216.001 PubPrn
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1216.002 SyncAppvPublishingServer
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218 System Binary Proxy Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.001 Compiled HTML File
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.002 Control Panel
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.003 CMSTP
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.004 InstallUtil
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.005 Mshta
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.007 Msiexec
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.008 Odbcconf
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.009 Regsvcs/Regasm
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.010 Regsvr32
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.011 Rundll32
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.012 Verclsid
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.013 Mavinject
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.014 MMC
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1218.015 Electron Applications
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1220 XSL Script Processing
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1505.001 SQL Stored Procedures
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1505.002 Transport Agent
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1529 System Shutdown/Reboot
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543 Create or Modify System Process
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.001 Launch Agent
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.002 Systemd Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.003 Windows Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.004 Launch Daemon
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.005 Container Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1547 Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548 Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.001 Setuid and Setgid
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.002 Bypass User Account Control
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.003 Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.004 Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.005 Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.006 TCC Manipulation
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559 Inter-Process Communication
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559.001 Component Object Model
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1559.002 Dynamic Data Exchange
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563 Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563.001 SSH Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1563.002 RDP Hijacking
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564 Hide Artifacts
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.001 Hidden Files and Directories
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.002 Hidden Users
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.003 Hidden Window
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.004 NTFS File Attributes
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.005 Hidden File System
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.006 Run Virtual Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.007 VBA Stomping
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569 System Services
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569.001 Launchctl
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1569.002 Service Execution
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578 Modify Cloud Compute Infrastructure
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.001 Create Snapshot
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.002 Create Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.003 Delete Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.004 Revert Cloud Instance
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1578.005 Modify Cloud Compute Configurations
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1609 Container Administration Command
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1543.005 Container Service
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.005 Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1548.006 TCC Manipulation
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1564.012 File/Path Exclusions
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1651 Cloud Administration Command
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1653 Power Settings
action.hacking.variety.Abuse of functionality Abuse of functionality. related-to T1665 Hide Infrastructure