Class Technique (1.39.0)

Technique(value)

MITRE ATT&CK techniques that can be referenced by Security Command Center findings. See: https://attack.mitre.org/techniques/enterprise/

Enums

Name Description
TECHNIQUE_UNSPECIFIED Unspecified value.
DATA_OBFUSCATION T1001
DATA_OBFUSCATION_STEGANOGRAPHY T1001.002
OS_CREDENTIAL_DUMPING T1003
OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM T1003.007
OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW T1003.008
DATA_FROM_LOCAL_SYSTEM T1005
AUTOMATED_EXFILTRATION T1020
OBFUSCATED_FILES_OR_INFO T1027
STEGANOGRAPHY T1027.003
COMPILE_AFTER_DELIVERY T1027.004
COMMAND_OBFUSCATION T1027.010
SCHEDULED_TRANSFER T1029
SYSTEM_OWNER_USER_DISCOVERY T1033
MASQUERADING T1036
MATCH_LEGITIMATE_NAME_OR_LOCATION T1036.005
BOOT_OR_LOGON_INITIALIZATION_SCRIPTS T1037
STARTUP_ITEMS T1037.005
NETWORK_SERVICE_DISCOVERY T1046
SCHEDULED_TASK_JOB T1053
SCHEDULED_TASK_JOB_CRON T1053.003
CONTAINER_ORCHESTRATION_JOB T1053.007
PROCESS_INJECTION T1055
INPUT_CAPTURE T1056
INPUT_CAPTURE_KEYLOGGING T1056.001
PROCESS_DISCOVERY T1057
COMMAND_AND_SCRIPTING_INTERPRETER T1059
UNIX_SHELL T1059.004
PYTHON T1059.006
EXPLOITATION_FOR_PRIVILEGE_ESCALATION T1068
PERMISSION_GROUPS_DISCOVERY T1069
CLOUD_GROUPS T1069.003
INDICATOR_REMOVAL T1070
INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS T1070.002
INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY T1070.003
INDICATOR_REMOVAL_FILE_DELETION T1070.004
INDICATOR_REMOVAL_TIMESTOMP T1070.006
INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA T1070.008
APPLICATION_LAYER_PROTOCOL T1071
DNS T1071.004
SOFTWARE_DEPLOYMENT_TOOLS T1072
VALID_ACCOUNTS T1078
DEFAULT_ACCOUNTS T1078.001
LOCAL_ACCOUNTS T1078.003
CLOUD_ACCOUNTS T1078.004
FILE_AND_DIRECTORY_DISCOVERY T1083
ACCOUNT_DISCOVERY_LOCAL_ACCOUNT T1087.001
PROXY T1090
EXTERNAL_PROXY T1090.002
MULTI_HOP_PROXY T1090.003
ACCOUNT_MANIPULATION T1098
ADDITIONAL_CLOUD_CREDENTIALS T1098.001
ADDITIONAL_CLOUD_ROLES T1098.003
SSH_AUTHORIZED_KEYS T1098.004
ADDITIONAL_CONTAINER_CLUSTER_ROLES T1098.006
MULTI_STAGE_CHANNELS T1104
INGRESS_TOOL_TRANSFER T1105
NATIVE_API T1106
BRUTE_FORCE T1110
AUTOMATED_COLLECTION T1119
SHARED_MODULES T1129
DATA_ENCODING T1132
STANDARD_ENCODING T1132.001
ACCESS_TOKEN_MANIPULATION T1134
TOKEN_IMPERSONATION_OR_THEFT T1134.001
CREATE_ACCOUNT T1136
LOCAL_ACCOUNT T1136.001
DEOBFUSCATE_DECODE_FILES_OR_INFO T1140
EXPLOIT_PUBLIC_FACING_APPLICATION T1190
SUPPLY_CHAIN_COMPROMISE T1195
COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS T1195.001
EXPLOITATION_FOR_CLIENT_EXECUTION T1203
USER_EXECUTION T1204
LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION T1222.002
DOMAIN_POLICY_MODIFICATION T1484
DATA_DESTRUCTION T1485
DATA_ENCRYPTED_FOR_IMPACT T1486
SERVICE_STOP T1489
INHIBIT_SYSTEM_RECOVERY T1490
FIRMWARE_CORRUPTION T1495
RESOURCE_HIJACKING T1496
NETWORK_DENIAL_OF_SERVICE T1498
CLOUD_SERVICE_DISCOVERY T1526
STEAL_APPLICATION_ACCESS_TOKEN T1528
ACCOUNT_ACCESS_REMOVAL T1531
TRANSFER_DATA_TO_CLOUD_ACCOUNT T1537
STEAL_WEB_SESSION_COOKIE T1539
CREATE_OR_MODIFY_SYSTEM_PROCESS T1543
EVENT_TRIGGERED_EXECUTION T1546
BOOT_OR_LOGON_AUTOSTART_EXECUTION T1547
KERNEL_MODULES_AND_EXTENSIONS T1547.006
SHORTCUT_MODIFICATION T1547.009
ABUSE_ELEVATION_CONTROL_MECHANISM T1548
ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID T1548.001
ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING T1548.003
UNSECURED_CREDENTIALS T1552
CREDENTIALS_IN_FILES T1552.001
BASH_HISTORY T1552.003
PRIVATE_KEYS T1552.004
SUBVERT_TRUST_CONTROL T1553
INSTALL_ROOT_CERTIFICATE T1553.004
COMPROMISE_HOST_SOFTWARE_BINARY T1554
CREDENTIALS_FROM_PASSWORD_STORES T1555
MODIFY_AUTHENTICATION_PROCESS T1556
PLUGGABLE_AUTHENTICATION_MODULES T1556.003
MULTI_FACTOR_AUTHENTICATION T1556.006
IMPAIR_DEFENSES T1562
DISABLE_OR_MODIFY_TOOLS T1562.001
INDICATOR_BLOCKING T1562.006
DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM T1562.012
HIDE_ARTIFACTS T1564
HIDDEN_FILES_AND_DIRECTORIES T1564.001
HIDDEN_USERS T1564.002
EXFILTRATION_OVER_WEB_SERVICE T1567
EXFILTRATION_TO_CLOUD_STORAGE T1567.002
DYNAMIC_RESOLUTION T1568
LATERAL_TOOL_TRANSFER T1570
HIJACK_EXECUTION_FLOW T1574
HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING T1574.006
MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE T1578
CREATE_SNAPSHOT T1578.001
CLOUD_INFRASTRUCTURE_DISCOVERY T1580
DEVELOP_CAPABILITIES T1587
DEVELOP_CAPABILITIES_MALWARE T1587.001
OBTAIN_CAPABILITIES T1588
OBTAIN_CAPABILITIES_MALWARE T1588.001
OBTAIN_CAPABILITIES_VULNERABILITIES T1588.006
ACTIVE_SCANNING T1595
SCANNING_IP_BLOCKS T1595.001
STAGE_CAPABILITIES T1608
UPLOAD_MALWARE T1608.001
CONTAINER_ADMINISTRATION_COMMAND T1609
DEPLOY_CONTAINER T1610
ESCAPE_TO_HOST T1611
CONTAINER_AND_RESOURCE_DISCOVERY T1613
REFLECTIVE_CODE_LOADING T1620
STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES T1649
FINANCIAL_THEFT T1657