LIVE
Top ATT&CK · 50 techniques (rank · ID · name · mapped CVEs)
- 1 · T1190 · Exploit Public-Facing Application · 197
- 2 · T1203 · Exploitation for Client Execution · 171
- 3 · T1068 · Exploitation for Privilege Escalation · 121
- 4 · T1189 · Drive-by Compromise · 97
- 5 · T1499.004 · Application or System Exploitation · 94
- 6 · T1059 · Command and Scripting Interpreter · 92
- 7 · T1005 · Data from Local System · 81
- 8 · T1204.002 · Malicious File · 68
- 9 · T1574 · Hijack Execution Flow · 52
- 10 · T1078 · Valid Accounts · 52
- 11 · T1133 · External Remote Services · 39
- 12 · T1557 · Adversary-in-the-Middle · 37
- 13 · T1059.007 · JavaScript · 34
- 14 · T1565 · Data Manipulation · 32
- 15 · T1204.001 · Malicious Link · 28
- 16 · T1608 · Stage Capabilities · 27
- 17 · T1566 · Phishing · 26
- 18 · T1485 · Data Destruction · 24
- 19 · T1136 · Create Account · 23
- 20 · T1185 · Browser Session Hijacking · 23
- 21 · T1565.001 · Stored Data Manipulation · 20
- 22 · T1211 · Exploitation for Stealth · 20
- 23 · T1499 · Endpoint Denial of Service · 18
- 24 · T1552 · Unsecured Credentials · 18
- 25 · T1110 · Brute Force · 17
- 26 · T1036 · Masquerading · 14
- 27 · T1505.003 · Web Shell · 12
- 28 · T1091 · Replication Through Removable Media · 10
- 29 · T1040 · Network Sniffing · 9
- 30 · T1078.001 · Default Accounts · 9
- 31 · T1098 · Account Manipulation · 8
- 32 · T1210 · Exploitation of Remote Services · 8
- 33 · T1083 · File and Directory Discovery · 8
- 34 · T1563 · Remote Service Session Hijacking · 8
- 35 · T1552.001 · Credentials In Files · 7
- 36 · T1542.001 · System Firmware · 7
- 37 · T1548 · Abuse Elevation Control Mechanism · 7
- 38 · T1212 · Exploitation for Credential Access · 7
- 39 · T1497 · Virtualization/Sandbox Evasion · 7
- 40 · T1059.004 · Unix Shell · 6
- 41 · T1055 · Process Injection · 6
- 42 · T1528 · Steal Application Access Token · 6
- 43 · T1566.002 · Spearphishing Link · 5
- 44 · T1489 · Service Stop · 5
- 45 · T1202 · Indirect Command Execution · 4
- 46 · T1529 · System Shutdown/Reboot · 4
- 47 · T1565.002 · Transmitted Data Manipulation · 3
- 48 · T1539 · Steal Web Session Cookie · 3
- 49 · T1574.001 · DLL · 3
- 50 · T1574.008 · Path Interception by Search Order Hijacking · 3
Techniques: 222
Sub-techniques: 475
Mapped: 60
Coverage: 27%
CVE mappings: 1.6k
Tactics: 14
MITRE ATT&CK Matrix (each row: technique ID · name · sub-technique count · mapped CVEs)

Reconnaissance · TA0043 · 1/12
- T1589 · Gather Victim Identity Information · +3 sub · 1
- T1590 · Gather Victim Network Information · +6 sub · 0
- T1591 · Gather Victim Org Information · +4 sub · 0
- T1592 · Gather Victim Host Information · +4 sub · 0
- T1593 · Search Open Websites/Domains · +3 sub · 0
- T1594 · Search Victim-Owned Websites · 0
- T1595 · Active Scanning · +3 sub · 0
- T1596 · Search Open Technical Databases · +5 sub · 0
- T1597 · Search Closed Sources · +2 sub · 0
- T1598 · Phishing for Information · +4 sub · 0
- T1681 · Search Threat Vendor Data · 0
- T1682 · Query Public AI Services · 0
Resource Development · TA0042 · 1/9
Initial Access · TA0001 · 7/11
- T1190 · Exploit Public-Facing Application · 197
- T1189 · Drive-by Compromise · 97
- T1078 · Valid Accounts · +4 sub · 52
- T1133 · External Remote Services · 39
- T1566 · Phishing · +4 sub · 26
- T1091 · Replication Through Removable Media · 10
- T1200 · Hardware Additions · 2
- T1195 · Supply Chain Compromise · +3 sub · 0
- T1199 · Trusted Relationship · 0
- T1659 · Content Injection · 0
- T1669 · Wi-Fi Networks · 0
Execution · TA0002 · 5/20
- T1203 · Exploitation for Client Execution · 171
- T1059 · Command and Scripting Interpreter · +13 sub · 92
- T1574 · Hijack Execution Flow · +12 sub · 52
- T1204 · User Execution · +5 sub · 1
- T1569 · System Services · +3 sub · 1
- T1047 · Windows Management Instrumentation · 0
- T1053 · Scheduled Task/Job · +5 sub · 0
- T1072 · Software Deployment Tools · 0
- T1106 · Native API · 0
- T1127 · Trusted Developer Utilities Proxy Execution · +3 sub · 0
- T1129 · Shared Modules · 0
- T1197 · BITS Jobs · 0
- T1559 · Inter-Process Communication · +3 sub · 0
- T1609 · Container Administration Command · 0
- T1610 · Deploy Container · 0
- T1648 · Serverless Execution · 0
- T1651 · Cloud Administration Command · 0
- T1674 · Input Injection · 0
- T1675 · ESXi Administration Command · 0
- T1677 · Poisoned Pipeline Execution · 0
Persistence · TA0003 · 8/22
- T1078 · Valid Accounts · +4 sub · 52
- T1133 · External Remote Services · 39
- T1136 · Create Account · +3 sub · 23
- T1098 · Account Manipulation · +7 sub · 8
- T1505 · Server Software Component · +6 sub · 1
- T1525 · Implant Internal Image · 1
- T1546 · Event Triggered Execution · +18 sub · 1
- T1554 · Compromise Host Software Binary · 1
- T1037 · Boot or Logon Initialization Scripts · +5 sub · 0
- T1053 · Scheduled Task/Job · +5 sub · 0
- T1112 · Modify Registry · 0
- T1137 · Office Application Startup · +6 sub · 0
- T1176 · Software Extensions · +2 sub · 0
- T1197 · BITS Jobs · 0
- T1205 · Traffic Signaling · +2 sub · 0
- T1542 · Pre-OS Boot · +5 sub · 0
- T1543 · Create or Modify System Process · +5 sub · 0
- T1547 · Boot or Logon Autostart Execution · +14 sub · 0
- T1556 · Modify Authentication Process · +9 sub · 0
- T1653 · Power Settings · 0
- T1668 · Exclusive Control · 0
- T1671 · Cloud Application Integration · 0
Privilege Escalation · TA0004 · 7/13
- T1068 · Exploitation for Privilege Escalation · 121
- T1078 · Valid Accounts · +4 sub · 52
- T1098 · Account Manipulation · +7 sub · 8
- T1548 · Abuse Elevation Control Mechanism · +6 sub · 7
- T1055 · Process Injection · +12 sub · 6
- T1134 · Access Token Manipulation · +5 sub · 1
- T1546 · Event Triggered Execution · +18 sub · 1
- T1037 · Boot or Logon Initialization Scripts · +5 sub · 0
- T1053 · Scheduled Task/Job · +5 sub · 0
- T1484 · Domain or Tenant Policy Modification · +2 sub · 0
- T1543 · Create or Modify System Process · +5 sub · 0
- T1547 · Boot or Logon Autostart Execution · +14 sub · 0
- T1611 · Escape to Host · 0
Defense Evasion · TA0005 · 0/0
- no techniques
Credential Access · TA0006 · 8/17
- T1557 · Adversary-in-the-Middle · +4 sub · 37
- T1552 · Unsecured Credentials · +8 sub · 18
- T1110 · Brute Force · +4 sub · 17
- T1040 · Network Sniffing · 9
- T1212 · Exploitation for Credential Access · 7
- T1528 · Steal Application Access Token · 6
- T1539 · Steal Web Session Cookie · 3
- T1003 · OS Credential Dumping · +8 sub · 1
- T1056 · Input Capture · +4 sub · 0
- T1111 · Multi-Factor Authentication Interception · 0
- T1187 · Forced Authentication · 0
- T1555 · Credentials from Password Stores · +6 sub · 0
- T1556 · Modify Authentication Process · +9 sub · 0
- T1558 · Steal or Forge Kerberos Tickets · +5 sub · 0
- T1606 · Forge Web Credentials · +2 sub · 0
- T1621 · Multi-Factor Authentication Request Generation · 0
- T1649 · Steal or Forge Authentication Certificates · 0
Discovery · TA0007 · 7/34
- T1040 · Network Sniffing · 9
- T1083 · File and Directory Discovery · 8
- T1497 · Virtualization/Sandbox Evasion · +3 sub · 7
- T1046 · Network Service Discovery · 2
- T1057 · Process Discovery · 1
- T1087 · Account Discovery · +4 sub · 1
- T1518 · Software Discovery · +2 sub · 1
- T1007 · System Service Discovery · 0
- T1010 · Application Window Discovery · 0
- T1012 · Query Registry · 0
- T1016 · System Network Configuration Discovery · +2 sub · 0
- T1018 · Remote System Discovery · 0
- T1033 · System Owner/User Discovery · 0
- T1049 · System Network Connections Discovery · 0
- T1069 · Permission Groups Discovery · +3 sub · 0
- T1082 · System Information Discovery · 0
- T1120 · Peripheral Device Discovery · 0
- T1124 · System Time Discovery · 0
- T1135 · Network Share Discovery · 0
- T1201 · Password Policy Discovery · 0
- T1217 · Browser Information Discovery · 0
- T1482 · Domain Trust Discovery · 0
- T1526 · Cloud Service Discovery · 0
- T1538 · Cloud Service Dashboard · 0
- T1580 · Cloud Infrastructure Discovery · 0
- T1613 · Container and Resource Discovery · 0
- T1614 · System Location Discovery · +1 sub · 0
- T1615 · Group Policy Discovery · 0
- T1619 · Cloud Storage Object Discovery · 0
- T1622 · Debugger Evasion · 0
- T1652 · Device Driver Discovery · 0
- T1654 · Log Enumeration · 0
- T1673 · Virtual Machine Discovery · 0
- T1680 · Local Storage Discovery · 0
Lateral Movement · TA0008 · 5/9
- T1091 · Replication Through Removable Media · 10
- T1210 · Exploitation of Remote Services · 8
- T1563 · Remote Service Session Hijacking · +2 sub · 8
- T1080 · Taint Shared Content · 1
- T1550 · Use Alternate Authentication Material · +4 sub · 1
- T1021 · Remote Services · +8 sub · 0
- T1072 · Software Deployment Tools · 0
- T1534 · Internal Spearphishing · 0
- T1570 · Lateral Tool Transfer · 0
Collection · TA0009 · 4/17
- T1005 · Data from Local System · 81
- T1557 · Adversary-in-the-Middle · +4 sub · 37
- T1185 · Browser Session Hijacking · 23
- T1213 · Data from Information Repositories · +6 sub · 2
- T1025 · Data from Removable Media · 0
- T1039 · Data from Network Shared Drive · 0
- T1056 · Input Capture · +4 sub · 0
- T1074 · Data Staged · +2 sub · 0
- T1113 · Screen Capture · 0
- T1114 · Email Collection · +3 sub · 0
- T1115 · Clipboard Data · 0
- T1119 · Automated Collection · 0
- T1123 · Audio Capture · 0
- T1125 · Video Capture · 0
- T1530 · Data from Cloud Storage · 0
- T1560 · Archive Collected Data · +3 sub · 0
- T1602 · Data from Configuration Repository · +2 sub · 0
Command and Control · TA0011 · 1/18
- T1105 · Ingress Tool Transfer · 2
- T1001 · Data Obfuscation · +3 sub · 0
- T1008 · Fallback Channels · 0
- T1071 · Application Layer Protocol · +5 sub · 0
- T1090 · Proxy · +4 sub · 0
- T1092 · Communication Through Removable Media · 0
- T1095 · Non-Application Layer Protocol · 0
- T1102 · Web Service · +3 sub · 0
- T1104 · Multi-Stage Channels · 0
- T1132 · Data Encoding · +2 sub · 0
- T1205 · Traffic Signaling · +2 sub · 0
- T1219 · Remote Access Tools · +3 sub · 0
- T1568 · Dynamic Resolution · +3 sub · 0
- T1571 · Non-Standard Port · 0
- T1572 · Protocol Tunneling · 0
- T1573 · Encrypted Channel · +2 sub · 0
- T1659 · Content Injection · 0
- T1665 · Hide Infrastructure · 0
Exfiltration · TA0010 · 0/9
- T1011 · Exfiltration Over Other Network Medium · +1 sub · 0
- T1020 · Automated Exfiltration · +1 sub · 0
- T1029 · Scheduled Transfer · 0
- T1030 · Data Transfer Size Limits · 0
- T1041 · Exfiltration Over C2 Channel · 0
- T1048 · Exfiltration Over Alternative Protocol · +3 sub · 0
- T1052 · Exfiltration Over Physical Medium · +1 sub · 0
- T1537 · Transfer Data to Cloud Account · 0
- T1567 · Exfiltration Over Web Service · +4 sub · 0
Impact · TA0040 · 8/15
- T1565 · Data Manipulation · +3 sub · 32
- T1485 · Data Destruction · +1 sub · 24
- T1499 · Endpoint Denial of Service · +4 sub · 18
- T1489 · Service Stop · 5
- T1529 · System Shutdown/Reboot · 4
- T1491 · Defacement · +2 sub · 3
- T1496 · Resource Hijacking · +4 sub · 2
- T1531 · Account Access Removal · 1
- T1486 · Data Encrypted for Impact · 0
- T1490 · Inhibit System Recovery · 0
- T1495 · Firmware Corruption · 0
- T1498 · Network Denial of Service · +2 sub · 0
- T1561 · Disk Wipe · +2 sub · 0
- T1657 · Financial Theft · 0
- T1667 · Email Bombing · 0
Tactic Coverage · 14 tactics (mapped/total techniques)
- Reconnaissance · 1/12
- Resource Development · 1/9
- Initial Access · 7/11
- Execution · 5/20
- Persistence · 8/22
- Privilege Escalation · 7/13
- Defense Evasion · 0/0
- Credential Access · 8/17
- Discovery · 7/34
- Lateral Movement · 5/9
- Collection · 4/17
- Command and Control · 1/18
- Exfiltration · 0/9
- Impact · 8/15
Legend (mapped CVEs per technique): 50+ · 10–49 · 1–9 · 0