2017-08-16 12:17:00 +02:00
|
|
|
{
|
2017-10-26 10:28:53 +02:00
|
|
|
"description": "ATT&CK Tactic",
|
2018-05-20 09:45:18 +02:00
|
|
|
"icon": "map",
|
2019-02-14 10:51:05 +01:00
|
|
|
"kill_chain_order": {
|
2024-05-13 11:07:34 +02:00
|
|
|
"attack-Azure-AD": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Containers": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Google-Workspace": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-IaaS": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Linux": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"command-and-control",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Network": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"command-and-control",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Office-365": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-PRE": [
|
2022-03-31 08:59:42 +02:00
|
|
|
"reconnaissance",
|
2024-05-13 11:07:34 +02:00
|
|
|
"resource-development"
|
|
|
|
],
|
|
|
|
"attack-SaaS": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-Windows": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"command-and-control",
|
|
|
|
"exfiltration",
|
|
|
|
"impact"
|
|
|
|
],
|
|
|
|
"attack-macOS": [
|
2019-02-14 10:51:05 +01:00
|
|
|
"initial-access",
|
2019-02-15 09:13:47 +01:00
|
|
|
"execution",
|
2019-02-14 10:51:05 +01:00
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
2019-05-13 10:59:30 +02:00
|
|
|
"command-and-control",
|
2019-02-14 10:51:05 +01:00
|
|
|
"exfiltration",
|
2019-05-13 10:59:30 +02:00
|
|
|
"impact"
|
2019-02-14 10:51:05 +01:00
|
|
|
],
|
2024-05-13 11:07:34 +02:00
|
|
|
"mobile-attack-Android": [
|
|
|
|
"initial-access",
|
|
|
|
"execution",
|
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
|
|
|
"command-and-control",
|
|
|
|
"exfiltration",
|
|
|
|
"impact",
|
|
|
|
"network-effects",
|
|
|
|
"remote-service-effects"
|
|
|
|
],
|
|
|
|
"mobile-attack-iOS": [
|
2019-02-14 10:51:05 +01:00
|
|
|
"initial-access",
|
2022-03-31 08:59:42 +02:00
|
|
|
"execution",
|
2019-02-14 10:51:05 +01:00
|
|
|
"persistence",
|
|
|
|
"privilege-escalation",
|
|
|
|
"defense-evasion",
|
|
|
|
"credential-access",
|
|
|
|
"discovery",
|
|
|
|
"lateral-movement",
|
|
|
|
"collection",
|
2019-05-13 10:59:30 +02:00
|
|
|
"command-and-control",
|
2022-03-31 08:59:42 +02:00
|
|
|
"exfiltration",
|
|
|
|
"impact",
|
2019-02-15 09:13:47 +01:00
|
|
|
"network-effects",
|
|
|
|
"remote-service-effects"
|
|
|
|
],
|
2024-05-13 11:07:34 +02:00
|
|
|
"pre-attack": [
|
2019-02-15 09:13:47 +01:00
|
|
|
"priority-definition-planning",
|
|
|
|
"priority-definition-direction",
|
|
|
|
"target-selection",
|
|
|
|
"technical-information-gathering",
|
|
|
|
"people-information-gathering",
|
|
|
|
"organizational-information-gathering",
|
|
|
|
"technical-weakness-identification",
|
|
|
|
"people-weakness-identification",
|
|
|
|
"organizational-weakness-identification",
|
|
|
|
"adversary-opsec",
|
|
|
|
"establish-&-maintain-infrastructure",
|
|
|
|
"persona-development",
|
|
|
|
"build-capabilities",
|
|
|
|
"test-capabilities",
|
2024-05-13 11:07:34 +02:00
|
|
|
"stage-capabilities",
|
|
|
|
"launch",
|
|
|
|
"compromise"
|
2019-02-14 10:51:05 +01:00
|
|
|
]
|
|
|
|
},
|
2019-02-15 09:13:47 +01:00
|
|
|
"name": "Attack Pattern",
|
|
|
|
"namespace": "mitre-attack",
|
|
|
|
"type": "mitre-attack-pattern",
|
|
|
|
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
|
2024-05-13 11:07:34 +02:00
|
|
|
"version": 10
|
2017-10-26 10:28:53 +02:00
|
|
|
}
|