ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Abuse of functionality.
VERIS
action.hacking.variety.Abuse of functionality
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.011
Fileless Storage
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.012
LNK Icon Smuggling
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.013
Encrypted/Encoded File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.009
Cloud API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.010
AutoHotKey & AutoIT
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.011
Lua
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.002
ClickOnce
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1047
Windows Management Instrumentation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053
Scheduled Task/Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.002
At
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.003
Cron
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.005
Scheduled Task
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.006
Systemd Timers
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.007
Container Orchestration Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059
Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.001
PowerShell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.002
AppleScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.003
Windows Command Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.004
Unix Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.005
Visual Basic
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.006
Python
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.007
JavaScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.008
Network Device CLI
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1072
Software Deployment Tools
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1105
Ingress Tool Transfer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1106
Native API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1112
Modify Registry
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127
Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.001
MSBuild
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1129
Shared Modules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137
Office Application Startup
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.001
Office Template Macros
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.002
Office Test
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.003
Outlook Forms
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.004
Outlook Home Page
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.005
Outlook Rules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1187
Forced Authentication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1202
Indirect Command Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216
System Script Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.001
PubPrn
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.002
SyncAppvPublishingServer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218
System Binary Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.001
Compiled HTML File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.002
Control Panel
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.003
CMSTP
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.004
InstallUtil
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.005
Mshta
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.007
Msiexec
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.008
Odbcconf
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.009
Regsvcs/Regasm
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.010
Regsvr32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.011
Rundll32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.012
Verclsid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.013
Mavinject
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.014
MMC
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.015
Electron Applications
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1220
XSL Script Processing
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.001
SQL Stored Procedures
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.002
Transport Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1529
System Shutdown/Reboot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543
Create or Modify System Process
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.001
Launch Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.002
Systemd Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.003
Windows Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.004
Launch Daemon
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1547
Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548
Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.001
Setuid and Setgid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.002
Bypass User Account Control
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.003
Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.004
Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559
Inter-Process Communication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.001
Component Object Model
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.002
Dynamic Data Exchange
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563
Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.001
SSH Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.002
RDP Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564
Hide Artifacts
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.001
Hidden Files and Directories
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.002
Hidden Users
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.003
Hidden Window
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.004
NTFS File Attributes
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.005
Hidden File System
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.006
Run Virtual Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.007
VBA Stomping
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569
System Services
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.001
Launchctl
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.002
Service Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578
Modify Cloud Compute Infrastructure
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.001
Create Snapshot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.002
Create Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.003
Delete Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.004
Revert Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.005
Modify Cloud Compute Configurations
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1609
Container Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.012
File/Path Exclusions
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1651
Cloud Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1653
Power Settings
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1665
Hide Infrastructure