Technique(value)
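MITRE ATT&CK techniques that can be referenced by Security Command Center findings. See: https://attack.mitre.org/techniques/enterprise/

In the list below, each enum member name is followed by its ATT&CK ID. An ID with a numeric suffix (for example T1003.007) is a sub-technique of the technique with the same base ID (T1003). Several members have near-identical names but map to different IDs: STEGANOGRAPHY (T1027.003) versus DATA_OBFUSCATION_STEGANOGRAPHY (T1001.002), and LOCAL_ACCOUNT (T1136.001) versus LOCAL_ACCOUNTS (T1078.003) versus ACCOUNT_DISCOVERY_LOCAL_ACCOUNT (T1087.001). Finding filters and detection rules should therefore match on the exact member name or the ID, not on a name fragment. Some sub-techniques appear without a member for their parent technique (T1087.001, T1222.002), so a filter keyed on the parent alone will not match them.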
Enums |
|
---|---|
Name | Description |
TECHNIQUE_UNSPECIFIED |
Unspecified value. |
DATA_OBFUSCATION |
T1001 |
DATA_OBFUSCATION_STEGANOGRAPHY |
T1001.002 |
OS_CREDENTIAL_DUMPING |
T1003 |
OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM |
T1003.007 |
OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW |
T1003.008 |
DATA_FROM_LOCAL_SYSTEM |
T1005 |
AUTOMATED_EXFILTRATION |
T1020 |
OBFUSCATED_FILES_OR_INFO |
T1027 |
STEGANOGRAPHY |
T1027.003 |
COMPILE_AFTER_DELIVERY |
T1027.004 |
COMMAND_OBFUSCATION |
T1027.010 |
SCHEDULED_TRANSFER |
T1029 |
SYSTEM_OWNER_USER_DISCOVERY |
T1033 |
MASQUERADING |
T1036 |
MATCH_LEGITIMATE_NAME_OR_LOCATION |
T1036.005 |
BOOT_OR_LOGON_INITIALIZATION_SCRIPTS |
T1037 |
STARTUP_ITEMS |
T1037.005 |
NETWORK_SERVICE_DISCOVERY |
T1046 |
SCHEDULED_TASK_JOB |
T1053 |
SCHEDULED_TASK_JOB_CRON |
T1053.003 |
CONTAINER_ORCHESTRATION_JOB |
T1053.007 |
PROCESS_INJECTION |
T1055 |
INPUT_CAPTURE |
T1056 |
INPUT_CAPTURE_KEYLOGGING |
T1056.001 |
PROCESS_DISCOVERY |
T1057 |
COMMAND_AND_SCRIPTING_INTERPRETER |
T1059 |
UNIX_SHELL |
T1059.004 |
PYTHON |
T1059.006 |
EXPLOITATION_FOR_PRIVILEGE_ESCALATION |
T1068 |
PERMISSION_GROUPS_DISCOVERY |
T1069 |
CLOUD_GROUPS |
T1069.003 |
INDICATOR_REMOVAL |
T1070 |
INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS |
T1070.002 |
INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY |
T1070.003 |
INDICATOR_REMOVAL_FILE_DELETION |
T1070.004 |
INDICATOR_REMOVAL_TIMESTOMP |
T1070.006 |
INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA |
T1070.008 |
APPLICATION_LAYER_PROTOCOL |
T1071 |
DNS |
T1071.004 |
SOFTWARE_DEPLOYMENT_TOOLS |
T1072 |
VALID_ACCOUNTS |
T1078 |
DEFAULT_ACCOUNTS |
T1078.001 |
LOCAL_ACCOUNTS |
T1078.003 |
CLOUD_ACCOUNTS |
T1078.004 |
FILE_AND_DIRECTORY_DISCOVERY |
T1083 |
ACCOUNT_DISCOVERY_LOCAL_ACCOUNT |
T1087.001 |
PROXY |
T1090 |
EXTERNAL_PROXY |
T1090.002 |
MULTI_HOP_PROXY |
T1090.003 |
ACCOUNT_MANIPULATION |
T1098 |
ADDITIONAL_CLOUD_CREDENTIALS |
T1098.001 |
ADDITIONAL_CLOUD_ROLES |
T1098.003 |
SSH_AUTHORIZED_KEYS |
T1098.004 |
ADDITIONAL_CONTAINER_CLUSTER_ROLES |
T1098.006 |
MULTI_STAGE_CHANNELS |
T1104 |
INGRESS_TOOL_TRANSFER |
T1105 |
NATIVE_API |
T1106 |
BRUTE_FORCE |
T1110 |
AUTOMATED_COLLECTION |
T1119 |
SHARED_MODULES |
T1129 |
DATA_ENCODING |
T1132 |
STANDARD_ENCODING |
T1132.001 |
ACCESS_TOKEN_MANIPULATION |
T1134 |
TOKEN_IMPERSONATION_OR_THEFT |
T1134.001 |
CREATE_ACCOUNT |
T1136 |
LOCAL_ACCOUNT |
T1136.001 |
DEOBFUSCATE_DECODE_FILES_OR_INFO |
T1140 |
EXPLOIT_PUBLIC_FACING_APPLICATION |
T1190 |
SUPPLY_CHAIN_COMPROMISE |
T1195 |
COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS |
T1195.001 |
EXPLOITATION_FOR_CLIENT_EXECUTION |
T1203 |
USER_EXECUTION |
T1204 |
LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION |
T1222.002 |
DOMAIN_POLICY_MODIFICATION |
T1484 |
DATA_DESTRUCTION |
T1485 |
DATA_ENCRYPTED_FOR_IMPACT |
T1486 |
SERVICE_STOP |
T1489 |
INHIBIT_SYSTEM_RECOVERY |
T1490 |
FIRMWARE_CORRUPTION |
T1495 |
RESOURCE_HIJACKING |
T1496 |
NETWORK_DENIAL_OF_SERVICE |
T1498 |
CLOUD_SERVICE_DISCOVERY |
T1526 |
STEAL_APPLICATION_ACCESS_TOKEN |
T1528 |
ACCOUNT_ACCESS_REMOVAL |
T1531 |
TRANSFER_DATA_TO_CLOUD_ACCOUNT |
T1537 |
STEAL_WEB_SESSION_COOKIE |
T1539 |
CREATE_OR_MODIFY_SYSTEM_PROCESS |
T1543 |
EVENT_TRIGGERED_EXECUTION |
T1546 |
BOOT_OR_LOGON_AUTOSTART_EXECUTION |
T1547 |
KERNEL_MODULES_AND_EXTENSIONS |
T1547.006 |
SHORTCUT_MODIFICATION |
T1547.009 |
ABUSE_ELEVATION_CONTROL_MECHANISM |
T1548 |
ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID |
T1548.001 |
ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING |
T1548.003 |
UNSECURED_CREDENTIALS |
T1552 |
CREDENTIALS_IN_FILES |
T1552.001 |
BASH_HISTORY |
T1552.003 |
PRIVATE_KEYS |
T1552.004 |
SUBVERT_TRUST_CONTROL |
T1553 |
INSTALL_ROOT_CERTIFICATE |
T1553.004 |
COMPROMISE_HOST_SOFTWARE_BINARY |
T1554 |
CREDENTIALS_FROM_PASSWORD_STORES |
T1555 |
MODIFY_AUTHENTICATION_PROCESS |
T1556 |
PLUGGABLE_AUTHENTICATION_MODULES |
T1556.003 |
MULTI_FACTOR_AUTHENTICATION |
T1556.006 |
IMPAIR_DEFENSES |
T1562 |
DISABLE_OR_MODIFY_TOOLS |
T1562.001 |
INDICATOR_BLOCKING |
T1562.006 |
DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM |
T1562.012 |
HIDE_ARTIFACTS |
T1564 |
HIDDEN_FILES_AND_DIRECTORIES |
T1564.001 |
HIDDEN_USERS |
T1564.002 |
EXFILTRATION_OVER_WEB_SERVICE |
T1567 |
EXFILTRATION_TO_CLOUD_STORAGE |
T1567.002 |
DYNAMIC_RESOLUTION |
T1568 |
LATERAL_TOOL_TRANSFER |
T1570 |
HIJACK_EXECUTION_FLOW |
T1574 |
HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING |
T1574.006 |
MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE |
T1578 |
CREATE_SNAPSHOT |
T1578.001 |
CLOUD_INFRASTRUCTURE_DISCOVERY |
T1580 |
DEVELOP_CAPABILITIES |
T1587 |
DEVELOP_CAPABILITIES_MALWARE |
T1587.001 |
OBTAIN_CAPABILITIES |
T1588 |
OBTAIN_CAPABILITIES_MALWARE |
T1588.001 |
OBTAIN_CAPABILITIES_VULNERABILITIES |
T1588.006 |
ACTIVE_SCANNING |
T1595 |
SCANNING_IP_BLOCKS |
T1595.001 |
STAGE_CAPABILITIES |
T1608 |
UPLOAD_MALWARE |
T1608.001 |
CONTAINER_ADMINISTRATION_COMMAND |
T1609 |
DEPLOY_CONTAINER |
T1610 |
ESCAPE_TO_HOST |
T1611 |
CONTAINER_AND_RESOURCE_DISCOVERY |
T1613 |
REFLECTIVE_CODE_LOADING |
T1620 |
STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES |
T1649 |
FINANCIAL_THEFT |
T1657 |