You're currently viewing ATT&CK Version 9.0 Enterprise and VERIS 1.3.5.
Abuse of functionality
VERIS
action.hacking.variety.Abuse of functionality
Mappings
ATT&CK Version: 9.0
ATT&CK Domain: Enterprise
VERIS: 1.3.5
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1047 | Windows Management Instrumentation |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053 | Scheduled Task/Job |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.001 | Scheduled Task/Job: At (Linux) |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.002 | Scheduled Task/Job: At (Windows) |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.003 | Scheduled Task/Job: Cron |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.004 | Scheduled Task/Job: Launchd |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.005 | Scheduled Task/Job: Scheduled Task |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.006 | Scheduled Task/Job: Systemd Timers |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1053.007 | Scheduled Task/Job: Container Orchestration Job |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059 | Command and Scripting Interpreter |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.001 | Command and Scripting Interpreter: PowerShell |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.002 | Command and Scripting Interpreter: AppleScript |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.003 | Command and Scripting Interpreter: Windows Command Shell |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.004 | Command and Scripting Interpreter: Unix Shell |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.005 | Command and Scripting Interpreter: Visual Basic |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.006 | Command and Scripting Interpreter: Python |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.007 | Command and Scripting Interpreter: JavaScript |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1059.008 | Command and Scripting Interpreter: Network Device CLI |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1072 | Software Deployment Tools |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1106 | Native API |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1112 | Modify Registry |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1127 | Trusted Developer Utilities Proxy Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1127.001 | Trusted Developer Utilities Proxy Execution: MSBuild |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1129 | Shared Modules |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137 | Office Application Startup |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137.001 | Office Application Startup: Office Template Macros |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137.002 | Office Application Startup: Office Test |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137.003 | Office Application Startup: Outlook Forms |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137.004 | Office Application Startup: Outlook Home Page |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1137.005 | Office Application Startup: Outlook Rules |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1187 | Forced Authentication |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1202 | Indirect Command Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1216 | Signed Script Proxy Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1216.001 | Signed Script Proxy Execution: PubPrn |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218 | Signed Binary Proxy Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.001 | Signed Binary Proxy Execution: Compiled HTML File |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.002 | Signed Binary Proxy Execution: Control Panel |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.003 | Signed Binary Proxy Execution: CMSTP |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.004 | Signed Binary Proxy Execution: InstallUtil |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.005 | Signed Binary Proxy Execution: Mshta |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.007 | Signed Binary Proxy Execution: Msiexec |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.008 | Signed Binary Proxy Execution: Odbcconf |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.009 | Signed Binary Proxy Execution: Regsvcs/Regasm |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.010 | Signed Binary Proxy Execution: Regsvr32 |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.011 | Signed Binary Proxy Execution: Rundll32 |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.012 | Signed Binary Proxy Execution: Verclsid |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1220 | XSL Script Processing |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1505.001 | Server Software Component: SQL Stored Procedures |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1505.002 | Server Software Component: Transport Agent |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1529 | System Shutdown/Reboot |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1543 | Create or Modify System Process |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1543.001 | Create or Modify System Process: Launch Agent |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1543.002 | Create or Modify System Process: Systemd Service |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1543.003 | Create or Modify System Process: Windows Service |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1543.004 | Create or Modify System Process: Launch Daemon |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1547 | Boot or Logon Autostart Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1548 | Abuse Elevation Control Mechanism |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1548.001 | Abuse Elevation Control Mechanism: Setuid and Setgid |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1548.002 | Abuse Elevation Control Mechanism: Bypass User Account Control |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1548.003 | Abuse Elevation Control Mechanism: Sudo and Sudo Caching |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1548.004 | Abuse Elevation Control Mechanism: Elevated Execution with Prompt |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1559 | Inter-Process Communication |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1559.001 | Inter-Process Communication: Component Object Model |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1559.002 | Inter-Process Communication: Dynamic Data Exchange |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1563 | Remote Service Session Hijacking |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1563.001 | Remote Service Session Hijacking: SSH Hijacking |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1563.002 | Remote Service Session Hijacking: RDP Hijacking |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564 | Hide Artifacts |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.001 | Hide Artifacts: Hidden Files and Directories |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.002 | Hide Artifacts: Hidden Users |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.003 | Hide Artifacts: Hidden Window |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.004 | Hide Artifacts: NTFS File Attributes |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.005 | Hide Artifacts: Hidden File System |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.006 | Hide Artifacts: Run Virtual Instance |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1564.007 | Hide Artifacts: VBA Stomping |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1569 | System Services |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1569.001 | System Services: Launchctl |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1569.002 | System Services: Service Execution |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1578 | Modify Cloud Computer Infrastructure |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1578.001 | Modify Cloud Computer Infrastructure: Create Snapshot |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1578.002 | Modify Cloud Computer Infrastructure: Create Cloud Instance |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1578.003 | Modify Cloud Computer Infrastructure: Delete Cloud Instance |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1578.004 | Modify Cloud Computer Infrastructure: Revert Cloud Instance |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1609 | Container Administration Command |