Top ATT&CK
50 · technique
- 1. Exploit Public-Facing Application (T1190): 243
- 2. Exploitation for Client Execution (T1203): 204
- 3. Exploitation for Privilege Escalation (T1068): 153
- 4. Command and Scripting Interpreter (T1059): 131
- 5. Data from Local System (T1005): 114
- 6. Drive-by Compromise (T1189): 98
- 7. Application or System Exploitation (T1499.004): 94
- 8. Valid Accounts (T1078): 94
- 9. Malicious File (T1204.002): 71
- 10. Hijack Execution Flow (T1574): 71
- 11. Process Injection (T1055): 69
- 12. File and Directory Discovery (T1083): 67
- 13. Masquerading (T1036): 65
- 14. System Information Discovery (T1082): 65
- 15. Obfuscated Files or Information (T1027): 61
- 16. OS Credential Dumping (T1003): 56
- 17. JavaScript (T1059.007): 54
- 18. Ingress Tool Transfer (T1105): 53
- 19. Web Protocols (T1071.001): 48
- 20. Remote System Discovery (T1018): 48
- 21. Data Destruction (T1485): 48
- 22. External Remote Services (T1133): 46
- 23. Encrypted Channel (T1573): 45
- 24. Application Layer Protocol (T1071): 44
- 25. Phishing (T1566): 44
- 26. Adversary-in-the-Middle (T1557): 42
- 27. Virtualization/Sandbox Evasion (T1497): 40
- 28. Process Discovery (T1057): 35
- 29. Non-Application Layer Protocol (T1095): 35
- 30. Web Shell (T1505.003): 34
- 31. Software Discovery (T1518): 33
- 32. Data Manipulation (T1565): 32
- 33. Unsecured Credentials (T1552): 31
- 34. Deobfuscate/Decode Files or Information (T1140): 31
- 35. Malicious Link (T1204.001): 30
- 36. Create Account (T1136): 30
- 37. Software Extensions (T1176): 29
- 38. System Owner/User Discovery (T1033): 29
- 39. Stage Capabilities (T1608): 28
- 40. Resource Hijacking (T1496): 27
- 41. Proxy (T1090): 27
- 42. Endpoint Denial of Service (T1499): 27
- 43. Remote Desktop Protocol (T1021.001): 27
- 44. Windows Management Instrumentation (T1047): 26
- 45. Unix Shell (T1059.004): 26
- 46. Data Encrypted for Impact (T1486): 26
- 47. Input Capture (T1056): 26
- 48. Abuse Elevation Control Mechanism (T1548): 25
- 49. Browser Session Hijacking (T1185): 24
- 50. Indicator Removal (T1070): 23
Techniques: 225
Sub-techniques: 472
Mapped: 131
Coverage: 58.2%
CVE mappings: 3.5k
Tactics: 14
MITRE ATT&CK Matrix
Reconnaissance (TA0043): 2/12
- T1589 Gather Victim Identity Information: 1 (+3 sub)
- T1595 Active Scanning: 1 (+3 sub)
- T1590 Gather Victim Network Information: — (+6 sub)
- T1591 Gather Victim Org Information: — (+4 sub)
- T1592 Gather Victim Host Information: — (+4 sub)
- T1593 Search Open Websites/Domains: — (+3 sub)
- T1594 Search Victim-Owned Websites: —
- T1596 Search Open Technical Databases: — (+5 sub)
- T1597 Search Closed Sources: — (+2 sub)
- T1598 Phishing for Information: — (+4 sub)
- T1681 Search Threat Vendor Data: —
- T1682 Query Public AI Services: —
Resource Development (TA0042): 2/9
Initial Access (TA0001): 7/9
Execution (TA0002): 12/19
- T1203 Exploitation for Client Execution: 201
- T1574 Hijack Execution Flow: 66 (+12 sub)
- T1047 Windows Management Instrumentation: 20
- T1047 Windows Management Instrumentation: 20
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1569 System Services: 8 (+3 sub)
- T1204 User Execution: 7 (+5 sub)
- T1129 Shared Modules: 2
- T1127 Trusted Developer Utilities Proxy Execution: 1 (+3 sub)
- T1559 Inter-Process Communication: 1 (+3 sub)
- T1609 Container Administration Command: 1
- T1197 BITS Jobs: —
- T1610 Deploy Container: —
- T1648 Serverless Execution: —
- T1651 Cloud Administration Command: —
- T1674 Input Injection: —
- T1675 ESXi Administration Command: —
- T1677 Poisoned Pipeline Execution: —
Persistence (TA0003): 12/21
- T1133 External Remote Services: 46
- T1136 Create Account: 30 (+3 sub)
- T1176 Software Extensions: 29 (+2 sub)
- T1547 Boot or Logon Autostart Execution: 16 (+14 sub)
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1542 Pre-OS Boot: 13 (+5 sub)
- T1543 Create or Modify System Process: 9 (+5 sub)
- T1546 Event Triggered Execution: 5 (+18 sub)
- T1505 Server Software Component: 4 (+6 sub)
- T1525 Implant Internal Image: 2
- T1554 Compromise Host Software Binary: 1
- T1037 Boot or Logon Initialization Scripts: — (+10 sub)
- T1037 Boot or Logon Initialization Scripts: — (+10 sub)
- T1137 Office Application Startup: — (+6 sub)
- T1197 BITS Jobs: —
- T1205 Traffic Signaling: — (+2 sub)
- T1556 Modify Authentication Process: — (+9 sub)
- T1653 Power Settings: —
- T1668 Exclusive Control: —
- T1671 Cloud Application Integration: —
Privilege Escalation (TA0004): 10/13
- T1055 Process Injection: 61 (+4 sub)
- T1055 Process Injection: 61 (+4 sub)
- T1548 Abuse Elevation Control Mechanism: 25 (+6 sub)
- T1547 Boot or Logon Autostart Execution: 16 (+14 sub)
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1053 Scheduled Task/Job: 13 (+10 sub)
- T1543 Create or Modify System Process: 9 (+5 sub)
- T1134 Access Token Manipulation: 7 (+5 sub)
- T1546 Event Triggered Execution: 5 (+18 sub)
- T1611 Escape to Host: 1
- T1037 Boot or Logon Initialization Scripts: — (+10 sub)
- T1037 Boot or Logon Initialization Scripts: — (+10 sub)
- T1484 Domain or Tenant Policy Modification: — (+2 sub)
Defense Evasion (TA0005): 0/0
- no techniques
Credential Access (TA0006): 12/16
- T1003 OS Credential Dumping: 50 (+16 sub)
- T1003 OS Credential Dumping: 50 (+16 sub)
- T1557 Adversary-in-the-Middle: 41 (+4 sub)
- T1552 Unsecured Credentials: 28 (+8 sub)
- T1539 Steal Web Session Cookie: 11
- T1040 Network Sniffing: 9
- T1040 Network Sniffing: 9
- T1212 Exploitation for Credential Access: 8
- T1528 Steal Application Access Token: 6
- T1187 Forced Authentication: 3
- T1555 Credentials from Password Stores: 1 (+6 sub)
- T1606 Forge Web Credentials: 1 (+2 sub)
- T1556 Modify Authentication Process: — (+9 sub)
- T1558 Steal or Forge Kerberos Tickets: — (+5 sub)
- T1621 Multi-Factor Authentication Request Generation: —
- T1649 Steal or Forge Authentication Certificates: —
Discovery (TA0007): 24/38
- T1018 Remote System Discovery: 42
- T1018 Remote System Discovery: 42
- T1497 Virtualization/Sandbox Evasion: 33 (+3 sub)
- T1033 System Owner/User Discovery: 27
- T1033 System Owner/User Discovery: 27
- T1518 Software Discovery: 26 (+2 sub)
- T1012 Query Registry: 16
- T1012 Query Registry: 16
- T1010 Application Window Discovery: 14
- T1010 Application Window Discovery: 14
- T1046 Network Service Discovery: 13
- T1046 Network Service Discovery: 13
- T1040 Network Sniffing: 9
- T1040 Network Sniffing: 9
- T1016 System Network Configuration Discovery: 5 (+4 sub)
- T1016 System Network Configuration Discovery: 5 (+4 sub)
- T1120 Peripheral Device Discovery: 4
- T1049 System Network Connections Discovery: 3
- T1049 System Network Connections Discovery: 3
- T1482 Domain Trust Discovery: 3
- T1135 Network Share Discovery: 2
- T1614 System Location Discovery: 2 (+1 sub)
- T1124 System Time Discovery: 1
- T1613 Container and Resource Discovery: 1
- T1007 System Service Discovery: —
- T1007 System Service Discovery: —
- T1201 Password Policy Discovery: —
- T1217 Browser Information Discovery: —
- T1526 Cloud Service Discovery: —
- T1538 Cloud Service Dashboard: —
- T1580 Cloud Infrastructure Discovery: —
- T1615 Group Policy Discovery: —
- T1619 Cloud Storage Object Discovery: —
- T1622 Debugger Evasion: —
- T1652 Device Driver Discovery: —
- T1654 Log Enumeration: —
- T1673 Virtual Machine Discovery: —
- T1680 Local Storage Discovery: —
Lateral Movement (TA0008): 6/7
Collection (TA0009): 10/16
- T1005 Data from Local System: 108
- T1005 Data from Local System: 108
- T1557 Adversary-in-the-Middle: 41 (+4 sub)
- T1185 Browser Session Hijacking: 24
- T1560 Archive Collected Data: 7 (+3 sub)
- T1213 Data from Information Repositories: 3 (+6 sub)
- T1115 Clipboard Data: 2
- T1123 Audio Capture: 1
- T1125 Video Capture: 1
- T1530 Data from Cloud Storage: 1
- T1025 Data from Removable Media: —
- T1025 Data from Removable Media: —
- T1039 Data from Network Shared Drive: —
- T1039 Data from Network Shared Drive: —
- T1119 Automated Collection: —
- T1602 Data from Configuration Repository: — (+2 sub)
Command and Control (TA0011): 9/13
- T1573 Encrypted Channel: 42 (+2 sub)
- T1571 Non-Standard Port: 13
- T1219 Remote Access Tools: 6 (+3 sub)
- T1001 Data Obfuscation: 2 (+6 sub)
- T1001 Data Obfuscation: 2 (+6 sub)
- T1008 Fallback Channels: 1
- T1008 Fallback Channels: 1
- T1132 Data Encoding: 1 (+2 sub)
- T1572 Protocol Tunneling: 1
- T1205 Traffic Signaling: — (+2 sub)
- T1568 Dynamic Resolution: — (+3 sub)
- T1659 Content Injection: —
- T1665 Hide Infrastructure: —
Exfiltration (TA0010): 9/16
- T1041 Exfiltration Over C2 Channel: 12
- T1041 Exfiltration Over C2 Channel: 12
- T1048 Exfiltration Over Alternative Protocol: 2 (+6 sub)
- T1048 Exfiltration Over Alternative Protocol: 2 (+6 sub)
- T1020 Automated Exfiltration: 1 (+2 sub)
- T1020 Automated Exfiltration: 1 (+2 sub)
- T1030 Data Transfer Size Limits: 1
- T1030 Data Transfer Size Limits: 1
- T1567 Exfiltration Over Web Service: 1 (+4 sub)
- T1011 Exfiltration Over Other Network Medium: — (+2 sub)
- T1011 Exfiltration Over Other Network Medium: — (+2 sub)
- T1029 Scheduled Transfer: —
- T1029 Scheduled Transfer: —
- T1052 Exfiltration Over Physical Medium: — (+2 sub)
- T1052 Exfiltration Over Physical Medium: — (+2 sub)
- T1537 Transfer Data to Cloud Account: —
Impact (TA0040): 11/15
- T1485 Data Destruction: 40 (+1 sub)
- T1565 Data Manipulation: 32 (+3 sub)
- T1486 Data Encrypted for Impact: 24
- T1496 Resource Hijacking: 24 (+4 sub)
- T1499 Endpoint Denial of Service: 21 (+4 sub)
- T1489 Service Stop: 10
- T1490 Inhibit System Recovery: 8
- T1529 System Shutdown/Reboot: 6
- T1491 Defacement: 4 (+2 sub)
- T1498 Network Denial of Service: 2 (+2 sub)
- T1531 Account Access Removal: 1
- T1495 Firmware Corruption: —
- T1561 Disk Wipe: — (+2 sub)
- T1657 Financial Theft: —
- T1667 Email Bombing: —
Tactic Coverage
14 tactics
- Reconnaissance: 2/12
- Resource Development: 2/9
- Initial Access: 7/9
- Execution: 12/19
- Persistence: 12/21
- Privilege Escalation: 10/13
- Defense Evasion: 0/0
- Credential Access: 12/16
- Discovery: 24/38
- Lateral Movement: 6/7
- Collection: 10/16
- Command and Control: 9/13
- Exfiltration: 9/16
- Impact: 11/15
Legend: 50+ · 10–49 · 1–9 · 0