ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CSA Cloud Controls Matrix (CCM)
CRI Profile
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Abuse of functionality.
VERIS
action.hacking.variety.Abuse of functionality
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.011
Fileless Storage
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.012
LNK Icon Smuggling
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1027.013
Encrypted/Encoded File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.009
Cloud API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.010
AutoHotKey & AutoIT
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.011
Lua
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.002
ClickOnce
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1047
Windows Management Instrumentation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053
Scheduled Task/Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.002
At
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.003
Cron
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.005
Scheduled Task
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.006
Systemd Timers
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1053.007
Container Orchestration Job
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059
Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.001
PowerShell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.002
AppleScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.003
Windows Command Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.004
Unix Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.005
Visual Basic
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.006
Python
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.007
JavaScript
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1059.008
Network Device CLI
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1072
Software Deployment Tools
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1105
Ingress Tool Transfer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1106
Native API
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1112
Modify Registry
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127
Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1127.001
MSBuild
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1129
Shared Modules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137
Office Application Startup
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.001
Office Template Macros
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.002
Office Test
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.003
Outlook Forms
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.004
Outlook Home Page
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1137.005
Outlook Rules
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1187
Forced Authentication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1202
Indirect Command Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216
System Script Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.001
PubPrn
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1216.002
SyncAppvPublishingServer
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218
System Binary Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.001
Compiled HTML File
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.002
Control Panel
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.003
CMSTP
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.004
InstallUtil
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.005
Mshta
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.007
Msiexec
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.008
Odbcconf
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.009
Regsvcs/Regasm
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.010
Regsvr32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.011
Rundll32
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.012
Verclsid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.013
Mavinject
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.014
MMC
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1218.015
Electron Applications
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1220
XSL Script Processing
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.001
SQL Stored Procedures
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1505.002
Transport Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1529
System Shutdown/Reboot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543
Create or Modify System Process
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.001
Launch Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.002
Systemd Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.003
Windows Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.004
Launch Daemon
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1547
Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548
Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.001
Setuid and Setgid
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.002
Bypass User Account Control
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.003
Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.004
Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559
Inter-Process Communication
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.001
Component Object Model
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1559.002
Dynamic Data Exchange
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563
Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.001
SSH Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1563.002
RDP Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564
Hide Artifacts
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.001
Hidden Files and Directories
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.002
Hidden Users
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.003
Hidden Window
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.004
NTFS File Attributes
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.005
Hidden File System
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.006
Run Virtual Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.007
VBA Stomping
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569
System Services
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.001
Launchctl
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1569.002
Service Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578
Modify Cloud Compute Infrastructure
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.001
Create Snapshot
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.002
Create Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.003
Delete Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.004
Revert Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1578.005
Modify Cloud Compute Configurations
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1609
Container Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1543.005
Container Service
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.005
Temporary Elevated Cloud Access
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1548.006
TCC Manipulation
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1564.012
File/Path Exclusions
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1651
Cloud Administration Command
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1653
Power Settings
action.hacking.variety.Abuse of functionality
Abuse of functionality.
related-to
T1665
Hide Infrastructure
