ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Abuse of functionality.
VERIS
action.hacking.variety.Abuse of functionality
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.011
Fileless Storage
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.012
LNK Icon Smuggling
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.013
Encrypted/Encoded File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1047
Windows Management Instrumentation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053
Scheduled Task/Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.002
Scheduled Task/Job: At
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.003
Scheduled Task/Job: Cron
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.005
Scheduled Task/Job: Scheduled Task
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.006
Scheduled Task/Job: Systemd Timers
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.007
Scheduled Task/Job: Container Orchestration Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059
Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.001
Command and Scripting Interpreter: PowerShell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.002
Command and Scripting Interpreter: AppleScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.003
Command and Scripting Interpreter: Windows Command Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.004
Command and Scripting Interpreter: Unix Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.005
Command and Scripting Interpreter: Visual Basic
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.006
Command and Scripting Interpreter: Python
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.007
Command and Scripting Interpreter: JavaScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.008
Command and Scripting Interpreter: Network Device CLI
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.009
Cloud API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.010
AutoHotKey & AutoIT
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.011
Lua
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1072
Software Deployment Tools
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1105
Ingress Tool Transfer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1106
Native API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1112
Modify Registry
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127
Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.001
Tursted Developer Utilities Proxy Execution: MSBuild
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.002
ClickOnce
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1129
Shared Modules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137
Office Application Startup
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.001
Office Application Startup: Office Template Macros
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.002
Office Application Startup: Office Test
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.003
Office Application Startup: Outlook Forms
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.004
Office Application Startup: Outlook Home Page
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.005
Office Application Startup: Outlook Rules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1187
Forced Authentication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1202
Indirect Command Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216
System Script Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.001
System Script Proxy Execution: PubPrn
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.002
System Script Proxy Execution: SyncAppvPublishingServer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218
System Binary Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.001
System Binary Proxy Execution: Compiled HTML File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.002
System Binary Proxy Execution: Control Panel
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.003
System Binary Proxy Execution: CMSTP
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.004
System Binary Proxy Execution: InstallUtil
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.005
System Binary Proxy Execution: Mshta
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.007
System Binary Proxy Execution: Msiexec
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.008
System Binary Proxy Execution: Odbcconf
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.009
System Binary Proxy Execution: Regsvcs/Regasm
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.010
System Binary Proxy Execution: Regsvr32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.011
System Binary Proxy Execution: Rundll32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.012
System Binary Proxy Execution: Verclsid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.013
System Binary Proxy Execution: Mavinject
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.014
System Binary Proxy Execution: MMC
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.015
System Binary Proxy Execution: Electron Applications
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1220
XSL Script Processing
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.001
Server Software Component: SQL Stored Procedures
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.002
Server Software Component: Transport Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1529
System Shutdown/Reboot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543
Create or Modify System Process
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.001
Create or Modify System Process: Launch Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.002
Create or Modify System Process: Systemd Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.003
Create or Modify System Process: Windows Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.004
Create or Modify System Process: Launch Daemon
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Create or Modify System Process: Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1547
Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548
Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.001
Abuse Elevation Control Mechanism: Setuid and Setgid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.002
Abuse Elevation Control Mechanism: Bypass User Account Control
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.003
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.004
Abuse Elevation Control Mechanism: Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
Abuse Elevation Control Mechanism: TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559
Inter-Process Communication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.001
Inter-Process Communication: Component Object Model
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.002
Inter-Process Communication: Dynamic Data Exchange
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563
Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.001
Remote Service Session Hijacking: SSH Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.002
Remote Service Session Hijacking: RDP Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564
Hide Artifacts
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.001
Hide Artifacts: Hidden Files and Directories
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.002
Hide Artifacts: Hidden Users
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.003
Hide Artifacts: Hidden Window
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.004
Hide Artifacts: NTFS File Attributes
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.005
Hide Artifacts: Hidden File System
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.006
Hide Artifacts: Run Virtual Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.007
Hide Artifacts: VBA Stomping
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569
System Services
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.001
System Services: Launchctl
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.002
System Services: Service Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578
Modify Cloud Compute Infrastructure
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.001
Modify Cloud Compute Infrastructure: Create Snapshot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.002
Modify Cloud Compute Infrastructure: Create Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.003
Modify Cloud Compute Infrastructure: Delete Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.004
Modify Cloud Compute Infrastructure: Revert Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.005
Modify Cloud Compute Configurations
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1609
Container Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Create or Modify System Process: Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
Abuse Elevation Control Mechanism: TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.012
File/Path Exclusions
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1651
Cloud Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1653
Power Settings
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1665
Hide Infrastructure
