ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
(malware never stored to persistent storage)
VERIS
action.malware.variety.In-memory
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1003.007
OS Credential Dumping: Proc Filesystem
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055
Process Injection
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.001
Process Injection: Dynamic-link Library Injection
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.002
Process Injection: Portable Executable Injection
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.003
Process Injection: Thread Execution Hijacking
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.004
Process Injection: Asynchronous Procedure Call
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.005
Process Injection: Thread Local Storage
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.008
Process Injection: Ptrace System Calls
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.009
Process Injection: Proc Memory
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.011
Process Injection: Extra Window Memory Injection
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.012
Process Injection: Process Hollowing
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.013
Process Injection: Process Doppelganging
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1055.014
Process Injection: VDSO Hijacking
action.malware.variety.In-memory
(malware never stored to persistent storage)
related-to
T1115
Clipboard Data
