|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1684
|
Social Engineering
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1684.001
|
Impersonation
|
|
Action.Social.Variety.Baiting
|
Prepare malicious content in a location where a victim is likely to interact with it. (e.g. SEO - vect: websites, left usbs- vect: removable media, etc)
| related-to |
T1204
|
User Execution
|
|
Action.Social.Variety.Bribery
|
Bribery or solicitation
| related-to |
T1684
|
Social Engineering
|
|
Action.Social.Variety.Elicitation
|
Elicitation (subtle extraction of info through conversation)
| related-to |
T1684
|
Social Engineering
|
|
Action.Social.Variety.Extortion
|
Extortion or blackmail
| related-to |
T1684
|
Social Engineering
|
|
Action.Social.Variety.Prompt Bombing
|
Bombarding the user with MFA prompts to get them to accept the login request
| related-to |
T1621
|
Multi-Factor Authentication Request Generation
|
|
Action.Social.Variety.Propaganda
|
Propaganda or disinformation
| related-to |
T1566
|
Phishing
|
|
Action.Social.Variety.Scam
|
Online scam or hoax (e.g., scareware, 419 scam, auction fraud)
| related-to |
T1203
|
Exploitation for Client Execution
|
|
Action.Social.Variety.Spam
|
Spam (unsolicited or undesired email and advertisements)
| related-to |
T1566
|
Phishing
|
|
Action.Social.Vector.Documents
|
Documents
| related-to |
T1203
|
Exploitation for Client Execution
|
|
Action.Social.Vector.IM
|
Instant messaging
| related-to |
T1203
|
Exploitation for Client Execution
|
|
Action.Social.Vector.Phone
|
Phone
| related-to |
T1598.004
|
Spearphishing Voice
|
|
Action.Social.Vector.SMS
|
SMS or texting
| related-to |
T1566
|
Phishing
|
|
action.social.vector.Virtual meeting
|
Video call or virtual meeting
| related-to |
T1684
|
Social Engineering
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1684.002
|
Email Spoofing
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036.008
|
Masquerade File Type
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036.010
|
Masquerade Account Name
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1036
|
Masquerading
|
|
action.social.variety.Forgery
|
Forgery or counterfeiting (fake hardware, software, documents, etc)
| related-to |
T1686.001
|
Cloud Firewall
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1686.001
|
Cloud Firewall
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1204
|
User Execution
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1001.002
|
Steganography
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Email
|
Email
| related-to |
T1204
|
User Execution
|
|
action.social.vector.Email
|
Email
| related-to |
T1001.002
|
Steganography
|
|
action.social.vector.Email
|
Email
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.vector.Email
|
Email
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Partner
|
Partner connection or credential. (Indicates supply chain breach.)
| related-to |
T1499.002
|
Service Exhaustion Flood
|
|
action.social.vector.Partner
|
Partner connection or credential. (Indicates supply chain breach.)
| related-to |
T1199
|
Trusted Relationship
|
|
action.social.vector.Removable media
|
Removable storage media
| related-to |
T1091
|
Replication Through Removable Media
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1204
|
User Execution
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1001.002
|
Steganography
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1559.002
|
Dynamic Data Exchange
|
|
action.social.vector.Social media
|
Social media or networking
| related-to |
T1027.005
|
Indicator Removal from Tools
|
|
action.social.vector.Software
|
Software
| related-to |
T1499.003
|
Application Exhaustion Flood
|
|
action.social.vector.Software
|
Software
| related-to |
T1589.001
|
Credentials
|
|
action.social.vector.Web application
|
Web application
| related-to |
T1189
|
Drive-by Compromise
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1211
|
Exploitation for Stealth
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1534
|
Internal Spearphishing
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1553
|
Subvert Trust Controls
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564
|
Hide Artifacts
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.001
|
Hidden Files and Directories
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.002
|
Hidden Users
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.003
|
Hidden Window
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.004
|
NTFS File Attributes
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.005
|
Hidden File System
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.006
|
Run Virtual Instance
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1564.007
|
VBA Stomping
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566
|
Phishing
|
|
action.social.vector.Email
|
Email
| related-to |
T1566
|
Phishing
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.001
|
Spearphishing Attachment
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.001
|
Spearphishing Attachment
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.vector.Web application
|
Web application
| related-to |
T1566.002
|
Spearphishing Link
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.003
|
Spearphishing via Service
|
|
action.social.vector.Email
|
Email
| related-to |
T1566.003
|
Spearphishing via Service
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1566.004
|
Spearphishing Voice
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1584.001
|
Domains
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585
|
Establish Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585.001
|
Social Media Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1585.002
|
Email Accounts
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1586.001
|
Social Media Accounts
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1586.001
|
Social Media Accounts
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598
|
Phishing for Information
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598
|
Phishing for Information
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.001
|
Spearphishing Service
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.001
|
Spearphishing Service
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.002
|
Spearphishing Attachment
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.002
|
Spearphishing Attachment
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.003
|
Spearphishing Link
|
|
action.social.variety.Pretexting
|
Pretexting (dialogue leveraging invented scenario). Unlike 'Phishing', does not transfer data. (A fraudulent transfer or changing a bank account on a business account is not really disclosing data.
| related-to |
T1598.003
|
Spearphishing Link
|
|
action.social.variety.Phishing
|
Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting.
| related-to |
T1598.004
|
Spearphishing Voice
|
|
action.social.variety.Evade Defenses
|
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
| related-to |
T1622
|
Debugger Evasion
|
|
Action.Social.Variety.Baiting
|
Prepare malicious content in a location where a victim is likely to interact with it. (e.g. SEO - vect: websites, left usbs- vect: removable media, etc)
| related-to |
T1684
|
Social Engineering
|
