use-mitre-attack
Version:
Simple representation of MITRE ATT&CK data
1,655 lines (1,654 loc) • 213 kB
JSON
{
"tactics": {
"TA0006": {
"id": "TA0006",
"name": "Credential Access",
"url": "https://attack.mitre.org/tactics/TA0006",
"techniques": [
"T1557",
"T1003",
"T1539",
"T1040",
"T1558",
"T1555",
"T1552",
"T1649",
"T1528",
"T1606",
"T1621",
"T1212",
"T1110",
"T1187",
"T1056",
"T1111",
"T1556"
]
},
"TA0002": {
"id": "TA0002",
"name": "Execution",
"url": "https://attack.mitre.org/tactics/TA0002",
"techniques": [
"T1047",
"T1129",
"T1053",
"T1106",
"T1610",
"T1059",
"T1609",
"T1204",
"T1072",
"T1559",
"T1203",
"T1569",
"T1651",
"T1648"
]
},
"TA0040": {
"id": "TA0040",
"name": "Impact",
"url": "https://attack.mitre.org/tactics/TA0040",
"techniques": [
"T1561",
"T1489",
"T1491",
"T1565",
"T1531",
"T1486",
"T1499",
"T1496",
"T1485",
"T1498",
"T1495",
"T1490",
"T1529"
]
},
"TA0003": {
"id": "TA0003",
"name": "Persistence",
"url": "https://attack.mitre.org/tactics/TA0003",
"techniques": [
"T1037",
"T1543",
"T1133",
"T1547",
"T1137",
"T1053",
"T1176",
"T1205",
"T1525",
"T1542",
"T1554",
"T1098",
"T1574",
"T1078",
"T1546",
"T1197",
"T1505",
"T1136",
"T1556"
]
},
"TA0004": {
"id": "TA0004",
"name": "Privilege Escalation",
"url": "https://attack.mitre.org/tactics/TA0004",
"techniques": [
"T1037",
"T1543",
"T1547",
"T1053",
"T1055",
"T1611",
"T1548",
"T1574",
"T1078",
"T1068",
"T1546",
"T1134",
"T1484"
]
},
"TA0008": {
"id": "TA0008",
"name": "Lateral Movement",
"url": "https://attack.mitre.org/tactics/TA0008",
"techniques": [
"T1080",
"T1091",
"T1550",
"T1021",
"T1563",
"T1072",
"T1210",
"T1534",
"T1570"
]
},
"TA0005": {
"id": "TA0005",
"name": "Defense Evasion",
"url": "https://attack.mitre.org/tactics/TA0005",
"techniques": [
"T1006",
"T1014",
"T1578",
"T1600",
"T1564",
"T1202",
"T1140",
"T1562",
"T1036",
"T1055",
"T1205",
"T1218",
"T1620",
"T1550",
"T1207",
"T1610",
"T1112",
"T1535",
"T1222",
"T1548",
"T1070",
"T1647",
"T1542",
"T1612",
"T1497",
"T1480",
"T1601",
"T1574",
"T1078",
"T1027",
"T1599",
"T1553",
"T1197",
"T1221",
"T1134",
"T1622",
"T1484",
"T1220",
"T1556",
"T1216",
"T1211",
"T1127"
]
},
"TA0010": {
"id": "TA0010",
"name": "Exfiltration",
"url": "https://attack.mitre.org/tactics/TA0010",
"techniques": [
"T1567",
"T1029",
"T1011",
"T1020",
"T1041",
"T1048",
"T1030",
"T1537",
"T1052"
]
},
"TA0007": {
"id": "TA0007",
"name": "Discovery",
"url": "https://attack.mitre.org/tactics/TA0007",
"techniques": [
"T1033",
"T1613",
"T1069",
"T1615",
"T1652",
"T1007",
"T1040",
"T1135",
"T1120",
"T1082",
"T1010",
"T1580",
"T1217",
"T1016",
"T1087",
"T1482",
"T1083",
"T1049",
"T1497",
"T1619",
"T1057",
"T1201",
"T1012",
"T1614",
"T1526",
"T1018",
"T1046",
"T1518",
"T1538",
"T1622",
"T1124"
]
},
"TA0009": {
"id": "TA0009",
"name": "Collection",
"url": "https://attack.mitre.org/tactics/TA0009",
"techniques": [
"T1113",
"T1557",
"T1602",
"T1123",
"T1114",
"T1025",
"T1119",
"T1115",
"T1530",
"T1005",
"T1560",
"T1185",
"T1125",
"T1074",
"T1039",
"T1056",
"T1213"
]
},
"TA0042": {
"id": "TA0042",
"name": "Resource Development",
"url": "https://attack.mitre.org/tactics/TA0042",
"techniques": [
"T1583",
"T1584",
"T1586",
"T1608",
"T1585",
"T1588",
"T1650",
"T1587"
]
},
"TA0043": {
"id": "TA0043",
"name": "Reconnaissance",
"url": "https://attack.mitre.org/tactics/TA0043",
"techniques": [
"T1592",
"T1594",
"T1589",
"T1596",
"T1595",
"T1591",
"T1590",
"T1593",
"T1597",
"T1598"
]
},
"TA0011": {
"id": "TA0011",
"name": "Command and Control",
"url": "https://attack.mitre.org/tactics/TA0011",
"techniques": [
"T1071",
"T1219",
"T1205",
"T1572",
"T1092",
"T1090",
"T1568",
"T1102",
"T1104",
"T1001",
"T1571",
"T1573",
"T1095",
"T1132",
"T1105",
"T1008"
]
},
"TA0001": {
"id": "TA0001",
"name": "Initial Access",
"url": "https://attack.mitre.org/tactics/TA0001",
"techniques": [
"T1133",
"T1091",
"T1195",
"T1190",
"T1199",
"T1566",
"T1078",
"T1200",
"T1189"
]
}
},
"techniques": {
"T1055.011": {
"id": "T1055.011",
"name": "Extra Window Memory Injection",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1055/011",
"relation": {
"technique": "T1055"
}
},
"T1053.005": {
"id": "T1053.005",
"name": "Scheduled Task",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1053/005",
"relation": {
"technique": "T1053"
}
},
"T1205.002": {
"id": "T1205.002",
"name": "Socket Filters",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1205/002",
"relation": {
"technique": "T1205"
}
},
"T1560.001": {
"id": "T1560.001",
"name": "Archive via Utility",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1560/001",
"relation": {
"technique": "T1560"
}
},
"T1021.005": {
"id": "T1021.005",
"name": "VNC",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1021/005",
"relation": {
"technique": "T1021"
}
},
"T1047": {
"id": "T1047",
"name": "Windows Management Instrumentation",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1047",
"relation": {
"subTechniques": [],
"tactics": [
"TA0002"
]
}
},
"T1113": {
"id": "T1113",
"name": "Screen Capture",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1113",
"relation": {
"subTechniques": [],
"tactics": [
"TA0009"
]
}
},
"T1027.011": {
"id": "T1027.011",
"name": "Fileless Storage",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1027/011",
"relation": {
"technique": "T1027"
}
},
"T1037": {
"id": "T1037",
"name": "Boot or Logon Initialization Scripts",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1037",
"relation": {
"subTechniques": [
"T1037.002",
"T1037.005",
"T1037.003",
"T1037.004",
"T1037.001"
],
"tactics": [
"TA0003",
"TA0004"
]
}
},
"T1557": {
"id": "T1557",
"name": "Adversary-in-the-Middle",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1557",
"relation": {
"subTechniques": [
"T1557.003",
"T1557.001",
"T1557.002"
],
"tactics": [
"TA0006",
"TA0009"
]
}
},
"T1033": {
"id": "T1033",
"name": "System Owner/User Discovery",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1033",
"relation": {
"subTechniques": [],
"tactics": [
"TA0007"
]
}
},
"T1583": {
"id": "T1583",
"name": "Acquire Infrastructure",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1583",
"relation": {
"subTechniques": [
"T1583.007",
"T1583.008",
"T1583.002",
"T1583.005",
"T1583.001",
"T1583.004",
"T1583.003",
"T1583.006"
],
"tactics": [
"TA0042"
]
}
},
"T1218.011": {
"id": "T1218.011",
"name": "Rundll32",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1218/011",
"relation": {
"technique": "T1218"
}
},
"T1613": {
"id": "T1613",
"name": "Container and Resource Discovery",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1613",
"relation": {
"subTechniques": [],
"tactics": [
"TA0007"
]
}
},
"T1583.007": {
"id": "T1583.007",
"name": "Serverless",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1583/007",
"relation": {
"technique": "T1583"
}
},
"T1132.001": {
"id": "T1132.001",
"name": "Standard Encoding",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1132/001",
"relation": {
"technique": "T1132"
}
},
"T1027.009": {
"id": "T1027.009",
"name": "Embedded Payloads",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1027/009",
"relation": {
"technique": "T1027"
}
},
"T1556.003": {
"id": "T1556.003",
"name": "Pluggable Authentication Modules",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1556/003",
"relation": {
"technique": "T1556"
}
},
"T1578.004": {
"id": "T1578.004",
"name": "Revert Cloud Instance",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1578/004",
"relation": {
"technique": "T1578"
}
},
"T1592": {
"id": "T1592",
"name": "Gather Victim Host Information",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1592",
"relation": {
"subTechniques": [
"T1592.001",
"T1592.004",
"T1592.003",
"T1592.002"
],
"tactics": [
"TA0043"
]
}
},
"T1596.003": {
"id": "T1596.003",
"name": "Digital Certificates",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1596/003",
"relation": {
"technique": "T1596"
}
},
"T1056.001": {
"id": "T1056.001",
"name": "Keylogging",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1056/001",
"relation": {
"technique": "T1056"
}
},
"T1222.002": {
"id": "T1222.002",
"name": "Linux and Mac File and Directory Permissions Modification",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1222/002",
"relation": {
"technique": "T1222"
}
},
"T1110.001": {
"id": "T1110.001",
"name": "Password Guessing",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1110/001",
"relation": {
"technique": "T1110"
}
},
"T1216.001": {
"id": "T1216.001",
"name": "PubPrn",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1216/001",
"relation": {
"technique": "T1216"
}
},
"T1597.002": {
"id": "T1597.002",
"name": "Purchase Technical Data",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1597/002",
"relation": {
"technique": "T1597"
}
},
"T1003": {
"id": "T1003",
"name": "OS Credential Dumping",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1003",
"relation": {
"subTechniques": [
"T1003.002",
"T1003.004",
"T1003.007",
"T1003.001",
"T1003.005",
"T1003.008",
"T1003.003",
"T1003.006"
],
"tactics": [
"TA0006"
]
}
},
"T1129": {
"id": "T1129",
"name": "Shared Modules",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1129",
"relation": {
"subTechniques": [],
"tactics": [
"TA0002"
]
}
},
"T1602": {
"id": "T1602",
"name": "Data from Configuration Repository",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1602",
"relation": {
"subTechniques": [
"T1602.002",
"T1602.001"
],
"tactics": [
"TA0009"
]
}
},
"T1561.002": {
"id": "T1561.002",
"name": "Disk Structure Wipe",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1561/002",
"relation": {
"technique": "T1561"
}
},
"T1498.001": {
"id": "T1498.001",
"name": "Direct Network Flood",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1498/001",
"relation": {
"technique": "T1498"
}
},
"T1574.007": {
"id": "T1574.007",
"name": "Path Interception by PATH Environment Variable",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1574/007",
"relation": {
"technique": "T1574"
}
},
"T1213.002": {
"id": "T1213.002",
"name": "Sharepoint",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1213/002",
"relation": {
"technique": "T1213"
}
},
"T1006": {
"id": "T1006",
"name": "Direct Volume Access",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1006",
"relation": {
"subTechniques": [],
"tactics": [
"TA0005"
]
}
},
"T1564.008": {
"id": "T1564.008",
"name": "Email Hiding Rules",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1564/008",
"relation": {
"technique": "T1564"
}
},
"T1491.002": {
"id": "T1491.002",
"name": "External Defacement",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1491/002",
"relation": {
"technique": "T1491"
}
},
"T1590.005": {
"id": "T1590.005",
"name": "IP Addresses",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1590/005",
"relation": {
"technique": "T1590"
}
},
"T1499.001": {
"id": "T1499.001",
"name": "OS Exhaustion Flood",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1499/001",
"relation": {
"technique": "T1499"
}
},
"T1014": {
"id": "T1014",
"name": "Rootkit",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1014",
"relation": {
"subTechniques": [],
"tactics": [
"TA0005"
]
}
},
"T1546.013": {
"id": "T1546.013",
"name": "PowerShell Profile",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1546/013",
"relation": {
"technique": "T1546"
}
},
"T1059.007": {
"id": "T1059.007",
"name": "JavaScript",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1059/007",
"relation": {
"technique": "T1059"
}
},
"T1590.002": {
"id": "T1590.002",
"name": "DNS",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1590/002",
"relation": {
"technique": "T1590"
}
},
"T1123": {
"id": "T1123",
"name": "Audio Capture",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1123",
"relation": {
"subTechniques": [],
"tactics": [
"TA0009"
]
}
},
"T1543": {
"id": "T1543",
"name": "Create or Modify System Process",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1543",
"relation": {
"subTechniques": [
"T1543.003",
"T1543.004",
"T1543.001",
"T1543.002"
],
"tactics": [
"TA0003",
"TA0004"
]
}
},
"T1133": {
"id": "T1133",
"name": "External Remote Services",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1133",
"relation": {
"subTechniques": [],
"tactics": [
"TA0003",
"TA0001"
]
}
},
"T1546.006": {
"id": "T1546.006",
"name": "LC_LOAD_DYLIB Addition",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1546/006",
"relation": {
"technique": "T1546"
}
},
"T1539": {
"id": "T1539",
"name": "Steal Web Session Cookie",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1539",
"relation": {
"subTechniques": [],
"tactics": [
"TA0006"
]
}
},
"T1053.007": {
"id": "T1053.007",
"name": "Container Orchestration Job",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1053/007",
"relation": {
"technique": "T1053"
}
},
"T1568.002": {
"id": "T1568.002",
"name": "Domain Generation Algorithms",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1568/002",
"relation": {
"technique": "T1568"
}
},
"T1036.007": {
"id": "T1036.007",
"name": "Double File Extension",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1036/007",
"relation": {
"technique": "T1036"
}
},
"T1548.002": {
"id": "T1548.002",
"name": "Bypass User Account Control",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1548/002",
"relation": {
"technique": "T1548"
}
},
"T1016.001": {
"id": "T1016.001",
"name": "Internet Connection Discovery",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1016/001",
"relation": {
"technique": "T1016"
}
},
"T1548.003": {
"id": "T1548.003",
"name": "Sudo and Sudo Caching",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1548/003",
"relation": {
"technique": "T1548"
}
},
"T1560.003": {
"id": "T1560.003",
"name": "Archive via Custom Method",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1560/003",
"relation": {
"technique": "T1560"
}
},
"T1578": {
"id": "T1578",
"name": "Modify Cloud Compute Infrastructure",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1578",
"relation": {
"subTechniques": [
"T1578.004",
"T1578.003",
"T1578.002",
"T1578.001"
],
"tactics": [
"TA0005"
]
}
},
"T1583.008": {
"id": "T1583.008",
"name": "Malvertising",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1583/008",
"relation": {
"technique": "T1583"
}
},
"T1069": {
"id": "T1069",
"name": "Permission Groups Discovery",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1069",
"relation": {
"subTechniques": [
"T1069.003",
"T1069.002",
"T1069.001"
],
"tactics": [
"TA0007"
]
}
},
"T1114": {
"id": "T1114",
"name": "Email Collection",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1114",
"relation": {
"subTechniques": [
"T1114.001",
"T1114.003",
"T1114.002"
],
"tactics": [
"TA0009"
]
}
},
"T1003.002": {
"id": "T1003.002",
"name": "Security Account Manager",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1003/002",
"relation": {
"technique": "T1003"
}
},
"T1596.002": {
"id": "T1596.002",
"name": "WHOIS",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1596/002",
"relation": {
"technique": "T1596"
}
},
"T1542.001": {
"id": "T1542.001",
"name": "System Firmware",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1542/001",
"relation": {
"technique": "T1542"
}
},
"T1594": {
"id": "T1594",
"name": "Search Victim-Owned Websites",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1594",
"relation": {
"subTechniques": [],
"tactics": [
"TA0043"
]
}
},
"T1069.003": {
"id": "T1069.003",
"name": "Cloud Groups",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1069/003",
"relation": {
"technique": "T1069"
}
},
"T1574.011": {
"id": "T1574.011",
"name": "Services Registry Permissions Weakness",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1574/011",
"relation": {
"technique": "T1574"
}
},
"T1596.001": {
"id": "T1596.001",
"name": "DNS/Passive DNS",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1596/001",
"relation": {
"technique": "T1596"
}
},
"T1499.003": {
"id": "T1499.003",
"name": "Application Exhaustion Flood",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1499/003",
"relation": {
"technique": "T1499"
}
},
"T1195.001": {
"id": "T1195.001",
"name": "Compromise Software Dependencies and Development Tools",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1195/001",
"relation": {
"technique": "T1195"
}
},
"T1588.004": {
"id": "T1588.004",
"name": "Digital Certificates",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1588/004",
"relation": {
"technique": "T1588"
}
},
"T1583.002": {
"id": "T1583.002",
"name": "DNS Server",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1583/002",
"relation": {
"technique": "T1583"
}
},
"T1561": {
"id": "T1561",
"name": "Disk Wipe",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1561",
"relation": {
"subTechniques": [
"T1561.002",
"T1561.001"
],
"tactics": [
"TA0040"
]
}
},
"T1071.004": {
"id": "T1071.004",
"name": "DNS",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1071/004",
"relation": {
"technique": "T1071"
}
},
"T1552.005": {
"id": "T1552.005",
"name": "Cloud Instance Metadata API",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1552/005",
"relation": {
"technique": "T1552"
}
},
"T1555.002": {
"id": "T1555.002",
"name": "Securityd Memory",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1555/002",
"relation": {
"technique": "T1555"
}
},
"T1615": {
"id": "T1615",
"name": "Group Policy Discovery",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1615",
"relation": {
"subTechniques": [],
"tactics": [
"TA0007"
]
}
},
"T1542.003": {
"id": "T1542.003",
"name": "Bootkit",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1542/003",
"relation": {
"technique": "T1542"
}
},
"T1025": {
"id": "T1025",
"name": "Data from Removable Media",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1025",
"relation": {
"subTechniques": [],
"tactics": [
"TA0009"
]
}
},
"T1218.013": {
"id": "T1218.013",
"name": "Mavinject",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1218/013",
"relation": {
"technique": "T1218"
}
},
"T1074.001": {
"id": "T1074.001",
"name": "Local Data Staging",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1074/001",
"relation": {
"technique": "T1074"
}
},
"T1036.005": {
"id": "T1036.005",
"name": "Match Legitimate Name or Location",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1036/005",
"relation": {
"technique": "T1036"
}
},
"T1587.003": {
"id": "T1587.003",
"name": "Digital Certificates",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1587/003",
"relation": {
"technique": "T1587"
}
},
"T1565.001": {
"id": "T1565.001",
"name": "Stored Data Manipulation",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1565/001",
"relation": {
"technique": "T1565"
}
},
"T1110.002": {
"id": "T1110.002",
"name": "Password Cracking",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1110/002",
"relation": {
"technique": "T1110"
}
},
"T1114.001": {
"id": "T1114.001",
"name": "Local Email Collection",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1114/001",
"relation": {
"technique": "T1114"
}
},
"T1555.001": {
"id": "T1555.001",
"name": "Keychain",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1555/001",
"relation": {
"technique": "T1555"
}
},
"T1547": {
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1547",
"relation": {
"subTechniques": [
"T1547.014",
"T1547.012",
"T1547.010",
"T1547.009",
"T1547.005",
"T1547.003",
"T1547.004",
"T1547.015",
"T1547.001",
"T1547.006",
"T1547.002",
"T1547.013",
"T1547.007",
"T1547.008"
],
"tactics": [
"TA0003",
"TA0004"
]
}
},
"T1003.004": {
"id": "T1003.004",
"name": "LSA Secrets",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1003/004",
"relation": {
"technique": "T1003"
}
},
"T1600": {
"id": "T1600",
"name": "Weaken Encryption",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1600",
"relation": {
"subTechniques": [
"T1600.001",
"T1600.002"
],
"tactics": [
"TA0005"
]
}
},
"T1606.002": {
"id": "T1606.002",
"name": "SAML Tokens",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1606/002",
"relation": {
"technique": "T1606"
}
},
"T1036.008": {
"id": "T1036.008",
"name": "Masquerade File Type",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1036/008",
"relation": {
"technique": "T1036"
}
},
"T1489": {
"id": "T1489",
"name": "Service Stop",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1489",
"relation": {
"subTechniques": [],
"tactics": [
"TA0040"
]
}
},
"T1587.001": {
"id": "T1587.001",
"name": "Malware",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1587/001",
"relation": {
"technique": "T1587"
}
},
"T1652": {
"id": "T1652",
"name": "Device Driver Discovery",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1652",
"relation": {
"subTechniques": [],
"tactics": [
"TA0007"
]
}
},
"T1087.002": {
"id": "T1087.002",
"name": "Domain Account",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1087/002",
"relation": {
"technique": "T1087"
}
},
"T1547.014": {
"id": "T1547.014",
"name": "Active Setup",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1547/014",
"relation": {
"technique": "T1547"
}
},
"T1564": {
"id": "T1564",
"name": "Hide Artifacts",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1564",
"relation": {
"subTechniques": [
"T1564.008",
"T1564.002",
"T1564.009",
"T1564.006",
"T1564.007",
"T1564.003",
"T1564.005",
"T1564.001",
"T1564.004",
"T1564.010"
],
"tactics": [
"TA0005"
]
}
},
"T1559.002": {
"id": "T1559.002",
"name": "Dynamic Data Exchange",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1559/002",
"relation": {
"technique": "T1559"
}
},
"T1204.002": {
"id": "T1204.002",
"name": "Malicious File",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1204/002",
"relation": {
"technique": "T1204"
}
},
"T1591.003": {
"id": "T1591.003",
"name": "Identify Business Tempo",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1591/003",
"relation": {
"technique": "T1591"
}
},
"T1592.001": {
"id": "T1592.001",
"name": "Hardware",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1592/001",
"relation": {
"technique": "T1592"
}
},
"T1080": {
"id": "T1080",
"name": "Taint Shared Content",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1080",
"relation": {
"subTechniques": [],
"tactics": [
"TA0008"
]
}
},
"T1484.002": {
"id": "T1484.002",
"name": "Domain Trust Modification",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1484/002",
"relation": {
"technique": "T1484"
}
},
"T1573.001": {
"id": "T1573.001",
"name": "Symmetric Cryptography",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1573/001",
"relation": {
"technique": "T1573"
}
},
"T1087.001": {
"id": "T1087.001",
"name": "Local Account",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1087/001",
"relation": {
"technique": "T1087"
}
},
"T1586.001": {
"id": "T1586.001",
"name": "Social Media Accounts",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1586/001",
"relation": {
"technique": "T1586"
}
},
"T1562.009": {
"id": "T1562.009",
"name": "Safe Mode Boot",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1562/009",
"relation": {
"technique": "T1562"
}
},
"T1542.005": {
"id": "T1542.005",
"name": "TFTP Boot",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1542/005",
"relation": {
"technique": "T1542"
}
},
"T1543.003": {
"id": "T1543.003",
"name": "Windows Service",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1543/003",
"relation": {
"technique": "T1543"
}
},
"T1568.001": {
"id": "T1568.001",
"name": "Fast Flux DNS",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1568/001",
"relation": {
"technique": "T1568"
}
},
"T1497.001": {
"id": "T1497.001",
"name": "System Checks",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1497/001",
"relation": {
"technique": "T1497"
}
},
"T1053.003": {
"id": "T1053.003",
"name": "Cron",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1053/003",
"relation": {
"technique": "T1053"
}
},
"T1069.002": {
"id": "T1069.002",
"name": "Domain Groups",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1069/002",
"relation": {
"technique": "T1069"
}
},
"T1588.006": {
"id": "T1588.006",
"name": "Vulnerabilities",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1588/006",
"relation": {
"technique": "T1588"
}
},
"T1566.002": {
"id": "T1566.002",
"name": "Spearphishing Link",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1566/002",
"relation": {
"technique": "T1566"
}
},
"T1070.002": {
"id": "T1070.002",
"name": "Clear Linux or Mac System Logs",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1070/002",
"relation": {
"technique": "T1070"
}
},
"T1499.004": {
"id": "T1499.004",
"name": "Application or System Exploitation",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1499/004",
"relation": {
"technique": "T1499"
}
},
"T1137": {
"id": "T1137",
"name": "Office Application Startup",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1137",
"relation": {
"subTechniques": [
"T1137.006",
"T1137.005",
"T1137.001",
"T1137.003",
"T1137.004",
"T1137.002"
],
"tactics": [
"TA0003"
]
}
},
"T1218.004": {
"id": "T1218.004",
"name": "InstallUtil",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1218/004",
"relation": {
"technique": "T1218"
}
},
"T1598.003": {
"id": "T1598.003",
"name": "Spearphishing Link",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1598/003",
"relation": {
"technique": "T1598"
}
},
"T1021.004": {
"id": "T1021.004",
"name": "SSH",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1021/004",
"relation": {
"technique": "T1021"
}
},
"T1098.003": {
"id": "T1098.003",
"name": "Additional Cloud Roles",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1098/003",
"relation": {
"technique": "T1098"
}
},
"T1547.012": {
"id": "T1547.012",
"name": "Print Processors",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1547/012",
"relation": {
"technique": "T1547"
}
},
"T1566.001": {
"id": "T1566.001",
"name": "Spearphishing Attachment",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1566/001",
"relation": {
"technique": "T1566"
}
},
"T1027.008": {
"id": "T1027.008",
"name": "Stripped Payloads",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1027/008",
"relation": {
"technique": "T1027"
}
},
"T1559.001": {
"id": "T1559.001",
"name": "Component Object Model",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1559/001",
"relation": {
"technique": "T1559"
}
},
"T1574.001": {
"id": "T1574.001",
"name": "DLL Search Order Hijacking",
"isSubTechnique": true,
"url": "https://attack.mitre.org/techniques/T1574/001",
"relation": {
"technique": "T1574"
}
},
"T1119": {
"id": "T1119",
"name": "Automated Collection",
"isSubTechnique": false,
"url": "https://attack.mitre.org/techniques/T1119",
"relation": {
"subTechniques": [],
"tactics": [
"TA0009"