ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 9.0 Enterprise and VERIS 1.3.5.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Abuse of functionality
VERIS
action.hacking.variety.Abuse of functionality
Mappings
Mappings
ATT&CK Version
9.0
ATT&CK Domain
Enterprise
VERIS
1.3.5
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1047
Windows Management Instrumentation
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053
Scheduled Task/Job
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.001
Scheduled Task/Job: At (Linux)
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.002
Scheduled Task/Job: At (Windows)
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.003
Scheduled Task/Job: Cron
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.004
Scheduled Task/Job: Launchd
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.005
Scheduled Task/Job: Scheduled Task
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.006
Scheduled Task/Job: Systemd Timers
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1053.007
Scheduled Task/Job: Container Orchestration Job
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059
Command and Scripting Interpreter
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.001
Command and Scripting Interpreter: PowerShell
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.002
Command and Scripting Interpreter: AppleScript
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.003
Command and Scripting Interpreter: Windows Command Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.004
Command and Scripting Interpreter: Unix Shell
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.005
Command and Scripting Interpreter: Visual Basic
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.006
Command and Scripting Interpreter: Python
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.007
Command and Scripting Interpreter: JavaScript
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1059.008
Command and Scripting Interpreter: Network Device CLI
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1072
Software Deployment Tools
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1106
Native API
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1112
Modify Registry
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1127
Trusted Developer Utilities Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1127.001
Tursted Developer Utilities Proxy Execution: MSBuild
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1129
Shared Modules
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137
Office Application Startup
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137.001
Office Application Startup: Office Template Macros
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137.002
Office Application Startup: Office Test
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137.003
Office Application Startup: Outlook Forms
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137.004
Office Application Startup: Outlook Home Page
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1137.005
Office Application Startup: Outlook Rules
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1187
Forced Authentication
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1202
Indirect Command Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1216
Signed Script Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1216.001
Signed Script Proxy Execution: PubPrn
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218
Signed Binary Proxy Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.001
Signed Binary Proxy Execution: Compiled HTML File
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.002
Signed Binary Proxy Execution: Control Panel
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.003
Signed Binary Proxy Execution: CMSTP
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.004
Signed Binary Proxy Execution: InstallUtil
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.005
Signed Binary Proxy Execution: Mshta
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.007
Signed Binary Proxy Execution: Msiexec
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.008
Signed Binary Proxy Execution: Odbcconf
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.009
Signed Binary Proxy Execution: Regsvcs/Regasm
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.010
Signed Binary Proxy Execution: Regsvr32
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.011
Signed Binary Proxy Execution: Rundll32
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1218.012
Signed Binary Proxy Execution: Verclsid
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1220
XSL Script Processing
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1505.001
Server Software Component: SQL Stored Procedures
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1505.002
Server Software Component: Transport Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1529
System Shutdown/Reboot
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1543
Create or Modify System Process
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1543.001
Create or Modify System Process: Launch Agent
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1543.002
Create or Modify System Process: Systemd Service
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1543.003
Create or Modify System Process: Windows Service
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1543.004
Create or Modify System Process: Launch Daemon
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1547
Boot or Logon Autostart Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1548
Abuse Elevation Control Mechanism
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1548.001
Abuse Elevation Control Mechanism: Setuid and Setgid
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1548.002
Abuse Elevation Control Mechanism: Bypass User Account Control
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1548.003
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1548.004
Abuse Elevation Control Mechanism: Elevated Execution with Prompt
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1559
Inter-Process Communication
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1559.001
Inter-Process Communication: Component Object Model
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1559.002
Inter-Process Communication: Dynamic Data Exchange
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1563
Remote Service Session Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1563.001
Remote Service Session Hijacking: SSH Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1563.002
Remote Service Session Hijacking: RDP Hijacking
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564
Hide Artifacts
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.001
Hide Artifacts: Hidden Files and Directories
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.002
Hide Artifacts: Hidden Users
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.003
Hide Artifacts: Hidden Window
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.004
Hide Artifacts: NTFS File Attributes
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.005
Hide Artifacts: Hidden File System
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.006
Hide Artifacts: Run Virtual Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1564.007
Hide Artifacts: VBA Stomping
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1569
System Services
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1569.001
System Services: Launchctl
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1569.002
System Services: Service Execution
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1578
Modify Cloud Computer Infrastructure
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1578.001
Modify Cloud Computer Infrastructure: Create Snapshot
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1578.002
Modify Cloud Computer Infrastructure: Create Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1578.003
Modify Cloud Computer Infrastructure: Delete Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1578.004
Modify Cloud Computer Infrastructure: Revert Cloud Instance
action.hacking.variety.Abuse of functionality
Abuse of functionality
related-to
T1609
Container Administration Command
