Robuta

https://attack.mitre.org/techniques/T1574/001/ Hijack Execution Flow: DLL, Sub-technique T1574.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1056/004/ Input Capture: Credential API Hooking, Sub-technique T1056.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1070/009/ Indicator Removal: Clear Persistence, Sub-technique T1070.009 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1547/006/ Boot or Logon Autostart Execution: Kernel Modules and Extensions, Sub-technique T1547.006 -...
https://attack.mitre.org/techniques/T1218/003/ System Binary Proxy Execution: CMSTP, Sub-technique T1218.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1588/007/ Obtain Capabilities: Artificial Intelligence, Sub-technique T1588.007 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1102/001/ Web Service: Dead Drop Resolver, Sub-technique T1102.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1518/001/ Software Discovery: Security Software Discovery, Sub-technique T1518.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1218/011/ System Binary Proxy Execution: Rundll32, Sub-technique T1218.011 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1059/006/ Command and Scripting Interpreter: Python, Sub-technique T1059.006 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1583/001/ Acquire Infrastructure: Domains, Sub-technique T1583.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1134/005/ Access Token Manipulation: SID-History Injection, Sub-technique T1134.005 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1071/002/ Application Layer Protocol: File Transfer Protocols, Sub-technique T1071.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1550/002/ Use Alternate Authentication Material: Pass the Hash, Sub-technique T1550.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1560/003/ Archive Collected Data: Archive via Custom Method, Sub-technique T1560.003 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1564/004/ Hide Artifacts: NTFS File Attributes, Sub-technique T1564.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1098/002/ Account Manipulation: Additional Email Delegate Permissions, Sub-technique T1098.002 - Enterprise |...
https://attack.mitre.org/techniques/T1548/002/ Abuse Elevation Control Mechanism: Bypass User Account Control, Sub-technique T1548.002 -...
https://attack.mitre.org/techniques/T1087/001/ Account Discovery: Local Account, Sub-technique T1087.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1543/001/ Create or Modify System Process: Launch Agent, Sub-technique T1543.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1070/004/ Indicator Removal: File Deletion, Sub-technique T1070.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1021/002/ Remote Services: SMB/Windows Admin Shares, Sub-technique T1021.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1090/002/ Proxy: External Proxy, Sub-technique T1090.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1588/002/ Obtain Capabilities: Tool, Sub-technique T1588.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/001/ System Binary Proxy Execution: Compiled HTML File, Sub-technique T1218.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1573/001/ Encrypted Channel: Symmetric Cryptography, Sub-technique T1573.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1542/003/ Pre-OS Boot: Bootkit, Sub-technique T1542.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1568/002/ Dynamic Resolution: Domain Generation Algorithms, Sub-technique T1568.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1071/003/ Application Layer Protocol: Mail Protocols, Sub-technique T1071.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1056/001/ Input Capture: Keylogging, Sub-technique T1056.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1543/002/ Create or Modify System Process: Systemd Service, Sub-technique T1543.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1595/002/ Active Scanning: Vulnerability Scanning, Sub-technique T1595.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1055/004/ Process Injection: Asynchronous Procedure Call, Sub-technique T1055.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1052/001/ Exfiltration Over Physical Medium: Exfiltration over USB, Sub-technique T1052.001 - Enterprise |...
https://attack.mitre.org/versions/v19/techniques/T1218/007/ System Binary Proxy Execution: Msiexec, Sub-technique T1218.007 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1070/006/ Indicator Removal: Timestomp, Sub-technique T1070.006 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1003/006/ OS Credential Dumping: DCSync, Sub-technique T1003.006 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1586/002/ Compromise Accounts: Email Accounts, Sub-technique T1586.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1071/001/ Application Layer Protocol: Web Protocols, Sub-technique T1071.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1102/002/ Web Service: Bidirectional Communication, Sub-technique T1102.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1069/002/ Permission Groups Discovery: Domain Groups, Sub-technique T1069.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1134/001/ Access Token Manipulation: Token Impersonation/Theft, Sub-technique T1134.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1505/003/ Server Software Component: Web Shell, Sub-technique T1505.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1074/001/ Data Staged: Local Data Staging, Sub-technique T1074.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1110/003/ Brute Force: Password Spraying, Sub-technique T1110.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1036/003/ Masquerading: Rename Legitimate Utilities, Sub-technique T1036.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1547/004/ Boot or Logon Autostart Execution: Winlogon Helper DLL, Sub-technique T1547.004 - Enterprise |...
https://attack.mitre.org/techniques/T1059/001/ Command and Scripting Interpreter: PowerShell, Sub-technique T1059.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1204/001/ User Execution: Malicious Link, Sub-technique T1204.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1685/005/ Disable or Modify Tools: Clear Windows Event Logs, Sub-technique T1685.005 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1090/003/ Proxy: Multi-hop Proxy, Sub-technique T1090.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1566/001/ Phishing: Spearphishing Attachment, Sub-technique T1566.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/004/ System Binary Proxy Execution: InstallUtil, Sub-technique T1218.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1573/002/ Encrypted Channel: Asymmetric Cryptography, Sub-technique T1573.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1546/015/ Event Triggered Execution: Component Object Model Hijacking, Sub-technique T1546.015 - Enterprise |...
https://attack.mitre.org/techniques/T1560/001/ Archive Collected Data: Archive via Utility, Sub-technique T1560.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1036/005/ Masquerading: Match Legitimate Resource Name or Location, Sub-technique T1036.005 - Enterprise |...
https://attack.mitre.org/techniques/T1550/003/ Use Alternate Authentication Material: Pass the Ticket, Sub-technique T1550.003 - Enterprise |...
https://attack.mitre.org/techniques/T1589/001/ Gather Victim Identity Information: Credentials, Sub-technique T1589.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1218/012/ System Binary Proxy Execution: Verclsid, Sub-technique T1218.012 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1003/001/ OS Credential Dumping: LSASS Memory, Sub-technique T1003.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1546/007/ Event Triggered Execution: Netsh Helper DLL, Sub-technique T1546.007 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1078/004/ Valid Accounts: Cloud Accounts, Sub-technique T1078.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1559/001/ Inter-Process Communication: Component Object Model, Sub-technique T1559.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1218/005/ System Binary Proxy Execution: Mshta, Sub-technique T1218.005 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1583/003/ Acquire Infrastructure: Virtual Private Server, Sub-technique T1583.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/002/ System Binary Proxy Execution: Control Panel, Sub-technique T1218.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/013/ System Binary Proxy Execution: Mavinject, Sub-technique T1218.013 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1557/001/ Adversary-in-the-Middle: Name Resolution Poisoning and SMB Relay, Sub-technique T1557.001 -...
https://attack.mitre.org/techniques/T1059/003/ Command and Scripting Interpreter: Windows Command Shell, Sub-technique T1059.003 - Enterprise |...
https://attack.mitre.org/techniques/T1027/003/ Obfuscated Files or Information: Steganography, Sub-technique T1027.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1027/013/ Obfuscated Files or Information: Encrypted/Encoded File, Sub-technique T1027.013 - Enterprise |...
https://attack.mitre.org/techniques/T1213/002/ Data from Information Repositories: Sharepoint, Sub-technique T1213.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1204/002/ User Execution: Malicious File, Sub-technique T1204.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1027/016/ Obfuscated Files or Information: Junk Code Insertion, Sub-technique T1027.016 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1059/004/ Command and Scripting Interpreter: Unix Shell, Sub-technique T1059.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/007/ System Binary Proxy Execution: Msiexec, Sub-technique T1218.007 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1037/001/ Boot or Logon Initialization Scripts: Logon Script (Windows), Sub-technique T1037.001 - Enterprise...
https://attack.mitre.org/techniques/T1021/001/ Remote Services: Remote Desktop Protocol, Sub-technique T1021.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1069/001/ Permission Groups Discovery: Local Groups, Sub-technique T1069.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1598/003/ Phishing for Information: Spearphishing Link, Sub-technique T1598.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1218/015/ System Binary Proxy Execution: Electron Applications, Sub-technique T1218.015 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1564/001/ Hide Artifacts: Hidden Files and Directories, Sub-technique T1564.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1036/004/ Masquerading: Masquerade Task or Service, Sub-technique T1036.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1684/001/ Social Engineering: Impersonation, Sub-technique T1684.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1614/001/ System Location Discovery: System Language Discovery, Sub-technique T1614.001 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1114/002/ Email Collection: Remote Email Collection, Sub-technique T1114.002 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1655/001/ Masquerading: Match Legitimate Name or Location, Sub-technique T1655.001 - Mobile | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1559/002/ Inter-Process Communication: Dynamic Data Exchange, Sub-technique T1559.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1027/002/ Obfuscated Files or Information: Software Packing, Sub-technique T1027.002 - Enterprise | MITRE...
https://attack.mitre.org/techniques/T1588/006/ Obtain Capabilities: Vulnerabilities, Sub-technique T1588.006 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1686/003/ Disable or Modify System Firewall: Windows Host Firewall, Sub-technique T1686.003 - Enterprise |...
https://attack.mitre.org/techniques/T1218/010/ System Binary Proxy Execution: Regsvr32, Sub-technique T1218.010 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1685/001/ Disable or Modify Tools: Disable or Modify Windows Event Log, Sub-technique T1685.001 - Enterprise...
https://attack.mitre.org/techniques/T1003/003/ OS Credential Dumping: NTDS, Sub-technique T1003.003 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1552/004/ Unsecured Credentials: Private Keys, Sub-technique T1552.004 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1547/013/ Boot or Logon Autostart Execution: XDG Autostart Entries, Sub-technique T1547.013 - Enterprise |...