|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1656
|
Impersonation
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036.008
|
Masquerade File Type
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036.010
|
Masquerade Account Name
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1014
|
Rootkit
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036
|
Masquerading
|
|
action.social.variety.Forgery
|
Forgery or counterfeiting (fake hardware, software, documents, etc)
| related-to |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1204
|
User Execution
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1001.002
|
Steganography
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Email
|
Email
| related-to |
T1204
|
User Execution
|
|
action.social.vector.Email
|
Email
| related-to |
T1001.002
|
Steganography
|
|
action.social.vector.Email
|
Email
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.vector.Email
|
Email
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Partner
|
Partner connection or credential. (Indicates supply chain breach.)
| related-to |
T1499.002
|
Service Exhaustion Flood
|
|
action.social.vector.Partner
|
Partner connection or credential. (Indicates supply chain breach.)
| related-to |
T1199
|
Trusted Relationship
|
|
action.social.vector.Removable media
|
Removable storage media
| related-to |
T1091
|
Replication Through Removable Media
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1204
|
User Execution
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1001.002
|
Steganography
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Software
|
Software
| related-to |
T1499.003
|
Application Exhaustion Flood
|
|
action.social.vector.Software
|
Software
| related-to |
T1589.001
|
Credentials
|
|
action.social.vector.Web application
|
Web application
| related-to |
T1189
|
Drive-by Compromise
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1211
|
Exploitation for Defense Evasion
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1534
|
Internal Spearphishing
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1553
|
Subvert Trust Controls
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1562
|
Impair Defenses
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564
|
Hide Artifacts
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.001
|
Hidden Files and Directories
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.002
|
Hidden Users
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.003
|
Hidden Window
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.004
|
NTFS File Attributes
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.005
|
Hidden File System
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.006
|
Run Virtual Instance
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.007
|
VBA Stomping
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566
|
Phishing
|
|
action.social.vector.Email
|
Email
| related-to |
T1566
|
Phishing
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.001
|
Spearphishing Attachment
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.001
|
Spearphishing Attachment
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.vector.Web application
|
Web application
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.003
|
Spearphishing via Service
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.003
|
Spearphishing via Service
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.004
|
Spearphishing Voice
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1584.001
|
Domains
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585
|
Establish Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585.001
|
Social Media Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585.002
|
Email Accounts
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1586.001
|
Social Media Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1586.001
|
Social Media Accounts
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598
|
Phishing for Information
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598
|
Phishing for Information
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.001
|
Spearphishing Service
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.001
|
Spearphishing Service
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.002
|
Spearphishing Attachment
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.002
|
Spearphishing Attachment
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.003
|
Spearphishing Link
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.003
|
Spearphishing Link
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.004
|
Spearphishing Voice
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1622
|
Debugger Evasion
|
