|
action.hacking.variety.Backdoor
|
Hacking action that creates a backdoor for use.
| related-to |
T1098.007
|
Additional Local or Domain Groups
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.006
|
Additional Container Cluster Roles
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.007
|
Additional Local or Domain Groups
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1114.003
|
Email Forwarding Rule
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136
|
Create Account
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.001
|
Local Account
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.002
|
Domain Account
|
|
attribute.integrity.variety.Created account
|
Created new user account
| related-to |
T1136.003
|
Cloud Account
|
|
attribute.integrity.variety.Log tampering
|
Log tampering or modification
| related-to |
T1070.001
|
Clear Windows Event Logs
|
|
attribute.integrity.variety.Log tampering
|
Log tampering or modification
| related-to |
T1070.002
|
Clear Linux or Mac System Logs
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037
|
Boot or Logon Initialization Scripts
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.001
|
Logon Script (Windows)
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.002
|
Login Hook
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.003
|
Network Logon Script
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.004
|
RC Scripts
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1037.005
|
Startup Items
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098
|
Account Manipulation
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.001
|
Additional Cloud Credentials
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.002
|
Additional Email Delegate Permissions
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.003
|
Additional Cloud Roles
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1098.004
|
SSH Authorized Keys
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1072
|
Software Deployment Tools
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1080
|
Taint Shared Content
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484
|
Domain or Tenant Policy Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484.001
|
Group Policy Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1484.002
|
Trust Modification
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491
|
Defacement
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491.001
|
Internal Defacement
|
|
attribute.integrity.variety.Defacement
|
Deface content
| related-to |
T1491.002
|
External Defacement
|
|
attribute.integrity.variety.Unknown
|
Unknown
| related-to |
T1531
|
Account Access Removal
|
|
attribute.integrity.variety.Misrepresentation
|
compromise of authenticity (e.g. masquerading as the legitimate owner of an account)
| related-to |
T1534
|
Internal Spearphishing
|
|
attribute.integrity.variety.Repurpose
|
Repurposed asset for unauthorized function
| related-to |
T1535
|
Unused/Unsupported Cloud Regions
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543
|
Create or Modify System Process
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.001
|
Launch Agent
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.002
|
Systemd Service
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.003
|
Windows Service
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1543.004
|
Launch Daemon
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546
|
Event Triggered Execution
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.001
|
Change Default File Association
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.002
|
Screensaver
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.004
|
Unix Shell Configuration Modification
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.005
|
Trap
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.007
|
Netsh Helper DLL
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.008
|
Accessibility Features
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.009
|
AppCert DLLs
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.010
|
AppInit DLLs
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.011
|
Application Shimming
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.012
|
Image File Execution Options Injection
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.013
|
PowerShell Profile
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.014
|
Emond
|
|
attribute.integrity.variety.Alter behavior
|
Influence or alter human behavior
| related-to |
T1546.015
|
Component Object Model Hijacking
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1546.016
|
Installer Packages
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547
|
Boot or Logon Autostart Execution
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.001
|
Registry Run Keys / Startup Folder
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.002
|
Authentication Package
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.003
|
Time Providers
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.004
|
Winlogon Helper DLL
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.005
|
Security Support Provider
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.006
|
Kernel Modules and Extensions
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.007
|
Re-opened Applications
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.008
|
LSASS Driver
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.009
|
Shortcut Modification
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.010
|
Port Monitors
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.012
|
Print Processors
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1547.013
|
XDG Autostart Entries
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1547.014
|
Active Setup
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556
|
Modify Authentication Process
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556
|
Modify Authentication Process
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.001
|
Domain Controller Authentication
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.001
|
Domain Controller Authentication
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1566.002
|
Spearphishing Link
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1566.002
|
Spearphishing Link
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.003
|
Pluggable Authentication Modules
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.003
|
Pluggable Authentication Modules
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.004
|
Network Device Authentication
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.004
|
Network Device Authentication
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565
|
Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.001
|
Stored Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.002
|
Transmitted Data Manipulation
|
|
attribute.integrity.variety.Modify data
|
Modified stored data or content
| related-to |
T1565.003
|
Runtime Data Manipulation
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1601
|
Modify System Image
|
|
attribute.integrity.variety.Software installation
|
Software installation or code modification
| related-to |
T1601.001
|
Patch System Image
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.008
|
Network Provider DLL
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.008
|
Network Provider DLL
|
|
attribute.integrity.variety.Modify configuration
|
Modified configuration or services
| related-to |
T1556.009
|
Conditional Access Policies
|
|
attribute.integrity.variety.Modify privileges
|
Modified privileges or permissions
| related-to |
T1556.009
|
Conditional Access Policies
|
