Trusted Design

Technique List

| Technique ID | Name | Summary | Tactic |
|---|---|---|---|
| T1683 | Generate Content | Adversaries may create or generate content to support targeting and operations. This content may be used to establish pe… | resource-development |
| T1558.001 | Golden Ticket | Adversaries who have the KRBTGT account password hash may forge Kerberos ticket-granting tickets (TGT), also known as a … | credential-access |
| T1061 | Graphical User Interface | **This technique has been deprecated. Please use [Remote Services](https://attack.mitre.org/techniques/T1021) where appr… | execution |
| T1615 | Group Policy Discovery | Adversaries may gather information on Group Policy settings to identify paths for privilege escalation, security measure… | discovery |
| T1484.001 | Group Policy Modification | Adversaries may modify Group Policy Objects (GPOs) to subvert the intended discretionary access controls for a domain, u… | defense-impairment |
| T1552.006 | Group Policy Preferences | Adversaries may attempt to find unsecured credentials in Group Policy Preferences (GPP). GPP are tools that allow admini… | credential-access |
| T1148 | HISTCONTROL | The `HISTCONTROL` environment variable keeps track of what should be saved by the `history` comman… | stealth |
| T1027.006 | HTML Smuggling | Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of seemingly benign HTML… | stealth |
| T1592.001 | Hardware | Adversaries may gather information about the victim's host hardware that can be used during targeting. Information about… | reconnaissance |
| T1200 | Hardware Additions | Adversaries may physically introduce computer accessories, networking hardware, or other computing devices into a system… | initial-access |
| T1564.005 | Hidden File System | Adversaries may use a hidden file system to conceal malicious activity from users and security tools. File systems provi… | stealth |
| T1158 | Hidden Files and Directories | To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of… | stealth |
| T1564.001 | Hidden Files and Directories | Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accid… | stealth |
| T1564.002 | Hidden Users | Adversaries may use hidden users to hide the presence of user accounts they create or modify. Administrators may want to… | stealth |
| T1147 | Hidden Users | Every user account in macOS has a userID associated with it. When creating a user, you can specify the userID for that a… | stealth |
| T1143 | Hidden Window | Adversaries may implement hidden windows to conceal malicious activity from the plain sight of users. In some cases, win… | stealth |
| T1564.003 | Hidden Window | Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows t… | stealth |
| T1564 | Hide Artifacts | Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have… | stealth |
| T1665 | Hide Infrastructure | Adversaries may manipulate network traffic in order to hide and evade detection of their C2 infrastructure. This can be … | command-and-control |
| T1574 | Hijack Execution Flow | Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking exec… | stealth |
| T1179 | Hooking | Windows processes often leverage application programming interface (API) functions to perform tasks that require reusabl… | persistence |
| T1556.007 | Hybrid Identity | Adversaries may patch, modify, or otherwise backdoor cloud authentication processes that are tied to on-premises user id… | defense-impairment |
| T1062 | Hypervisor | **This technique has been deprecated and should no longer be used.** A type-1 hypervisor is a software layer that sits … | persistence |
| T1059.012 | Hypervisor CLI | Adversaries may abuse hypervisor command line interpreters (CLIs) to execute malicious commands. Hypervisor CLIs typical… | execution |
| T1176.002 | IDE Extensions | Adversaries may abuse an integrated development environment (IDE) extension to establish persistent access to victim sys… | persistence |
| T1219.001 | IDE Tunneling | Adversaries may abuse Integrated Development Environment (IDE) software with remote development features to establish an… | command-and-control |
| T1505.004 | IIS Components | Adversaries may install malicious components that run on Internet Information Services (IIS) web servers to establish pe… | persistence |
| T1590.005 | IP Addresses | Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addresses may be allocated… | reconnaissance |
| T1591.003 | Identify Business Tempo | Adversaries may gather information about the victim's business tempo that can be used during targeting. Information abou… | reconnaissance |
| T1591.004 | Identify Roles | Adversaries may gather information about identities and roles within the victim organization that can be used during tar… | reconnaissance |
| T1564.011 | Ignore Process Interrupts | Adversaries may evade defensive mechanisms by executing commands that hide from process interrupt signals. Many operatin… | stealth |
| T1183 | Image File Execution Options Injection | Image File Execution Options (IFEO) enable a developer to attach a debugger to an application. When a process is created… | privilege-escalation |
| T1546.012 | Image File Execution Options Injection | Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File E… | privilege-escalation |
| T1562.003 | Impair Command History Logging | Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interp… | stealth |
| T1562 | Impair Defenses | Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms… | stealth |
| T1656 | Impersonation | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing som… | stealth |
| T1684.001 | Impersonation | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing som… | stealth |
| T1525 | Implant Internal Image | Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to a… | persistence |
| T1054 | Indicator Blocking | An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. T… | stealth |
| T1562.006 | Indicator Blocking | An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. T… | stealth |
| T1070 | Indicator Removal | Adversaries may selectively delete or modify artifacts generated to reduce indications of their presence and blend in wi… | stealth |
| T1066 | Indicator Removal from Tools | If a malicious tool is detected and quarantined or otherwise curtailed, an adversary may be able to determine why the ma… | stealth |
| T1027.005 | Indicator Removal from Tools | Adversaries may remove indicators from tools if they believe their malicious tool was detected, quarantined, or otherwis… | stealth |
| T1202 | Indirect Command Execution | Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of c… | stealth |
| T1105 | Ingress Tool Transfer | Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may… | command-and-control |
| T1490 | Inhibit System Recovery | Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted syst… | impact |
| T1056 | Input Capture | Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system u… | collection |
| T1674 | Input Injection | Adversaries may simulate keystrokes on a victim’s computer by various means to perform any type of action on behalf of t… | execution |
| T1141 | Input Prompt | When programs are executed that need additional privileges than are present in the current user context, it is common fo… | credential-access |
| T1608.003 | Install Digital Certificate | Adversaries may install SSL/TLS certificates that can be used during targeting. SSL/TLS certificates are files that can … | resource-development |
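The T1552.006 row (Group Policy Preferences) describes looking for unsecured credentials in GPP. The concrete artifact is the `cpassword` attribute inside the preference XML files under a GPO's `Preferences\` folder in SYSVOL; Microsoft published the fixed AES key used to protect it, so any value found is effectively plaintext. The scanner below is an added example, not part of the ATT&CK listing or of any tool it references. It finds `cpassword` attributes, pulls the matching account name, and checks that the blob decodes to whole AES blocks (GPP strips base64 padding, which trips naive decoders). The XML documents and the base64 blob are constructed for the example and are not real ciphertext; the attribute names in `ACCOUNT_ATTRS` are the ones the individual GPP file types use.

```python
"""Locate legacy GPP cpassword attributes and sanity-check their shape (T1552.006).

Added example for the technique listing; the sample documents are constructed.
It does not decrypt anything; a SYSVOL sweep only needs to find the attribute.
"""
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# GPP file types that can carry a cpassword attribute under Preferences\.
GPP_FILES = ("Groups.xml", "Services.xml", "ScheduledTasks.xml",
             "DataSources.xml", "Printers.xml", "Drives.xml")

# The account attribute differs per file type: Groups/Drives use userName,
# Services uses accountName, ScheduledTasks uses runAs, DataSources/Printers username.
ACCOUNT_ATTRS = ("userName", "accountName", "runAs", "username")


@dataclass
class Finding:
    path: str
    element: str
    account: str
    cpassword: str
    ciphertext_len: int   # bytes after base64 decode; 0 when empty or undecodable
    well_formed: bool     # True when the blob is a whole number of 16-byte AES blocks


def _decode_cpassword(value: str) -> bytes:
    """GPP writes base64 without '=' padding; restore it before decoding."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return b""


def scan_gpp_xml(path: str, xml_text: str) -> list[Finding]:
    """Return one Finding per element in a GPP XML document that carries cpassword."""
    findings: list[Finding] = []
    try:
        # SYSVOL content is attacker-influenceable; in production parse with defusedxml.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return findings
    for elem in root.iter():
        cpw = elem.attrib.get("cpassword")
        if cpw is None:
            continue
        account = next((elem.attrib[a] for a in ACCOUNT_ATTRS if a in elem.attrib), "")
        ct = _decode_cpassword(cpw) if cpw else b""
        findings.append(Finding(path, elem.tag, account, cpw, len(ct),
                                well_formed=bool(ct) and len(ct) % 16 == 0))
    return findings


# Constructed sample files: the blob is base64 of bytes 0..31 with padding stripped,
# standing in for a 32-byte ciphertext; it is not a real encrypted password.
SAMPLE_DOCS: dict[str, str] = {
    r"\\corp.example\SYSVOL\corp.example\Policies\{GPO-1}\Machine\Preferences\Groups\Groups.xml": """
<Groups>
  <User name="localadmin" image="2" changed="2014-04-01 10:00:00">
    <Properties action="U" neverExpires="1" acctDisabled="0"
                userName="localadmin"
                cpassword="AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8"/>
  </User>
</Groups>""",
    r"\\corp.example\SYSVOL\corp.example\Policies\{GPO-2}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml": """
<ScheduledTasks>
  <Task name="Nightly">
    <Properties action="C" runAs="CORP\\svc-backup" cpassword="" logonType="S4U"/>
  </Task>
</ScheduledTasks>""",
    r"\\corp.example\SYSVOL\corp.example\Policies\{GPO-3}\User\Preferences\Drives\Drives.xml": """
<Drives>
  <Drive name="H:">
    <Properties action="U" path="\\\\files\\home" label="Home" useLetter="1"/>
  </Drive>
</Drives>""",
}


def scan_samples() -> list[Finding]:
    """Run the scanner over every constructed document, in order."""
    results: list[Finding] = []
    for path, text in SAMPLE_DOCS.items():
        results.extend(scan_gpp_xml(path, text))
    return results


if __name__ == "__main__":
    for f in scan_samples():
        state = "ciphertext" if f.well_formed else ("empty" if not f.cpassword else "malformed")
        print(f"{f.path}\n  <{f.element}> account={f.account!r} cpassword={state} ({f.ciphertext_len} bytes)")
```

An empty `cpassword=""` still records that the preference once carried a credential field, so it is worth reporting even though nothing can be recovered from it. The scan is read-only against SYSVOL and is the same check Microsoft's MS14-025 guidance asks administrators to perform before deleting the affected preferences.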
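The T1148 (HISTCONTROL) and T1562.003 (Impair Command History Logging) rows cover the same defensive gap: an interactive shell that has been told not to record, or to forget, what was typed. The matcher below is an added example, not code from the listing or from ATT&CK. It tags command lines with the history-tampering indicator they contain, and the sample lines are constructed. One caveat the rows do not spell out: the leading-space trick only matters when `HISTCONTROL` includes `ignorespace` or `ignoreboth`, and it is only visible in raw shell input (for example a `PROMPT_COMMAND` or auditd TTY logger), since process-creation telemetry records the resolved argv, not the typed line.

```python
"""Tag shell command lines that disable, shrink or erase command history (T1148 / T1562.003).

Added example; the indicator list and sample lines are constructed for illustration.
"""
import re

# (label, pattern) pairs evaluated against a single command line.
INDICATORS = [
    ("histfile-unset",     re.compile(r"\bunset\s+(?:\w+\s+)*HISTFILE\b")),
    ("histfile-devnull",   re.compile(r"\bHISTFILE=(?:/dev/null|\"\"|'')")),
    ("histsize-zero",      re.compile(r"\bHIST(?:FILE)?SIZE=0\b")),
    ("histcontrol-ignore", re.compile(r"\bHISTCONTROL=\S*ignore(?:space|both)")),
    ("history-cleared",    re.compile(r"\bhistory\s+-c\b")),
    ("history-off",        re.compile(r"\bset\s+\+o\s+history\b")),
    # Truncating or deleting the history file itself.
    ("histfile-truncated", re.compile(
        r">\s*~?/?[\w./-]*\.(?:bash|zsh|sh)_history\b"
        r"|\b(?:rm|shred|truncate)\b[^|;&]*_history\b")),
    # Only meaningful for raw shell input with ignorespace/ignoreboth set.
    ("leading-space",      re.compile(r"^\s+\S")),
]


def history_tamper_indicators(cmdline: str) -> list[str]:
    """Return the labels of every indicator that fires on one command line."""
    return [label for label, rx in INDICATORS if rx.search(cmdline)]


def triage(lines) -> dict[str, list[str]]:
    """Map each suspicious line to its indicators; lines with no hits are dropped."""
    return {ln: hits for ln in lines if (hits := history_tamper_indicators(ln))}


# Constructed sample: a mix of tampering commands and benign look-alikes.
SAMPLE_LINES = [
    "export HISTFILE=/dev/null",
    "unset HISTFILE HISTFILESIZE",
    "HISTSIZE=0 HISTFILESIZE=0",
    "export HISTCONTROL=ignoreboth",
    "set +o history",
    "history -c",
    " ./stage2.sh",                          # leading space, raw-shell capture only
    "cat /dev/null > ~/.bash_history",
    "rm -f ~/.bash_history",
    "ls -la /var/log",                       # benign
    "grep -i histcontrol /etc/profile",      # benign mention, must not fire
]


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LINES).items():
        print(f"{', '.join(hits):20s} {line!r}")
```

Patterns are case-sensitive on purpose: the variables only take effect when spelled in upper case, so a lower-case mention in a grep or a comment stays quiet. In practice this runs over EDR or auditd `execve` records for `bash`/`zsh` children and over TTY logs where those are available; the `leading-space` tag should be suppressed for sources that cannot preserve it.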