|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037
|
Boot or Logon Initialization Scripts
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.001
|
Boot or Logon Initialization Scripts: Logon Script (Windows)
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.002
|
Boot or Logon Initialization Scripts: Logon Script (Mac)
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.003
|
Boot or Logon Initialization Scripts: Network Logon Script
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.004
|
Boot or Logon Initialization Scripts: RC Scripts
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.005
|
Boot or Logon Initialization Scripts: Startup Items
|
|
attribute.integrity.variety.Log tampering
|
Log tampering or modification
| related-to |
T1070.001
|
Indicator Removal on Host: Clear Windows Event Logs
|
|
attribute.integrity.variety.Log tampering
|
Log tampering or modification
| related-to |
T1070.002
|
Indicator Removal on Host: Clear Linux or Mac System Logs
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1072
|
Software Deployment Tools
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1080
|
Taint Shared Content
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098
|
Account Manipulation
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.001
|
Account Manipulation: Additional Cloud Credentials
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.002
|
Account Manipulation: Exchange Email Delegate Permissions
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.003
|
Account Manipulation: Add Office 365 Global Administrator Role
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.004
|
Account Manipulation: SSH Authorized Keys
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.006
|
Additional Container Cluster Roles
|
|
action.hacking.variety.Backdoor
|
Hacking action that creates a backdoor for use.
| related-to |
T1098.007
|
Additional Local or Domain Groups
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.007
|
Additional Local or Domain Groups
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1114.003
|
Email Collection: Email Forwarding Rule
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136
|
Create Accounts
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.001
|
Create Account: Local Account
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.002
|
Create Account: Domain Account
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.003
|
Create Account: Cloud Account
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484
|
Domain Policy Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484.001
|
Domain Policy Modification: Group Policy Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484.002
|
Domain Policy Modification: Domain Trust Modification
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491
|
Defacement
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491.001
|
Defacement: Internal Defacement
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491.002
|
Defacement: External Defacement
|
|
attribute.integrity.variety.Unknown
|
Unknown
| related-to |
T1531
|
Account Access Removal
|
|
attribute.integrity.variety.Misrepresentation
|
compromise of authenticity (e.g. masquerading as the legitimate owner of an account)
| related-to |
T1534
|
Internal Spearphishing
|
|
attribute.integrity.variety.Repurpose
|
Repurposed asset for unauthorized function
| related-to |
T1535
|
Unused/Unsupported Cloud Regions
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543
|
Create or Modify System Process
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.001
|
Create or Modify System Process: Launch Agent
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.002
|
Create or Modify System Process: Systemd Service
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.003
|
Create or Modify System Process: Windows Service
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.004
|
Create or Modify System Process: Launch Daemon
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546
|
Event Triggered Execution
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.001
|
Event Triggered Execution: Change Default File Association
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.002
|
Event Triggered Execution: Screensaver
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.003
|
Event Triggered Execution: Windows Management Instrumentation Event Subscription
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.004
|
Event Triggered Execution: Unix Shell Configuration Modification
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.005
|
Event Triggered Execution: Trap
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.006
|
Event Triggered Execution: LC_LOAD_DYLIB Addition
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.007
|
Event Triggered Execution: Netsh Helper DLL
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.008
|
Event Triggered Execution: Accessibility Features
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.009
|
Event Triggered Execution: AppCert DLLs
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.010
|
Event Triggered Execution: AppInit DLLs
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.011
|
Event Triggered Execution: Application Shimming
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.012
|
Event Triggered Execution: Image File Execution Options Injection
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.013
|
Event Triggered Execution: PowerShell Profile
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.014
|
Event Triggered Execution: Emond
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.015
|
Event Triggered Execution: Component Object Model Hijacking
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1546.016
|
Event Triggered Execution: Installer Packages
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547
|
Boot or Logon Autostart Execution
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.001
|
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.002
|
Boot or Logon Autostart Execution: Authentication Package
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.003
|
Boot or Logon Autostart Execution: Time Providers
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.004
|
Boot or Logon Autostart Execution: Winlogon Helper DLL
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.005
|
Boot or Logon Autostart Execution: Security Support Provider
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.006
|
Boot or Logon Autostart Execution: Kernel Modules and Extensions
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.007
|
Boot or Logon Autostart Execution: Re-opened Applications
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.008
|
Boot or Logon Autostart Execution: LSASS Driver
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.009
|
Boot or Logon Autostart Execution: Shortcut Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.010
|
Boot or Logon Autostart Execution: Port Monitors
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.012
|
Boot or Logon Autostart Execution: Print Processors
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.013
|
Boot or Logon Autostart Execution: XDG Autostart Entries
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1547.014
|
Boot or Logon Autostart Execution: Active Setup
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556
|
Modify Authentication Process
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556
|
Modify Authentication Process
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.001
|
Modify Authentication Process: Domain Controller Authentication
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.001
|
Modify Authentication Process: Domain Controller Authentication
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1566.002
|
Phishing: Spearphishing Link
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1566.002
|
Phishing: Spearphishing Link
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.003
|
Modify Authentication Process: Pluggable Authentication Modules
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.003
|
Modify Authentication Process: Pluggable Authentication Modules
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.004
|
Modify Authentication Process: Network Device Authentication
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.004
|
Modify Authentication Process: Network Device Authentication
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565
|
Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.001
|
Data Manipulation: Stored Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.002
|
Data Manipulation: Transmitted Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.003
|
Data Manipulation: Runtime Data Manipulation
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1601
|
Modify System Image
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1601.001
|
Modify System Image: Patch System Image
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.008
|
Network Provider DLL
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.008
|
Network Provider DLL
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.009
|
Conditional Access Policies
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.009
|
Conditional Access Policies
|
