Standard Technique
With Atomic Tests
TA0001
Initial Access
11
T1078
Valid Accounts
T1091
1
Replication Through Removable Media
T1133
1
External Remote Services
T1189
Drive-by Compromise
T1190
Exploit Public-Facing Application
T1195
1
Supply Chain Compromise
T1199
Trusted Relationship
T1200
Hardware Additions
T1566
Phishing
T1659
Content Injection
T1669
Wi-Fi Networks
TA0002
Execution
17
T1047
10
Windows Management Instrumentation
T1053
Scheduled Task/Job
T1059
1
Command and Scripting Interpreter
T1072
3
Software Deployment Tools
T1106
5
Native API
T1129
1
Shared Modules
T1203
Exploitation for Client Execution
T1204
User Execution
T1559
5
Inter-Process Communication
T1569
System Services
T1609
2
Container Administration Command
T1610
1
Deploy Container
T1648
1
Serverless Execution
T1651
1
Cloud Administration Command
T1674
Input Injection
T1675
ESXi Administration Command
T1677
Poisoned Pipeline Execution
TA0003
Persistence
23
T1037
Boot or Logon Initialization Scripts
T1053
Scheduled Task/Job
T1078
Valid Accounts
T1098
17
Account Manipulation
T1112
90
Modify Registry
T1133
1
External Remote Services
T1136
Create Account
T1137
1
Office Application Startup
T1176
5
Software Extensions
T1197
4
BITS Jobs
T1205
Traffic Signaling
T1505
Server Software Component
T1525
Implant Internal Image
T1542
Pre-OS Boot
T1543
Create or Modify System Process
T1546
9
Event Triggered Execution
T1547
3
Boot or Logon Autostart Execution
T1554
Compromise Host Software Binary
T1556
Modify Authentication Process
T1574
Hijack Execution Flow
T1653
Power Settings
T1668
Exclusive Control
T1671
Cloud Application Integration
TA0004
Privilege Escalation
14
T1037
Boot or Logon Initialization Scripts
T1053
Scheduled Task/Job
T1055
13
Process Injection
T1068
Exploitation for Privilege Escalation
T1078
Valid Accounts
T1098
17
Account Manipulation
T1134
Access Token Manipulation
T1484
Domain or Tenant Policy Modification
T1543
Create or Modify System Process
T1546
9
Event Triggered Execution
T1547
3
Boot or Logon Autostart Execution
T1548
Abuse Elevation Control Mechanism
T1574
Hijack Execution Flow
T1611
3
Escape to Host
TA0005
Defense Evasion
47
T1006
1
Direct Volume Access
T1014
4
Rootkit
T1027
10
Obfuscated Files or Information
T1036
2
Masquerading
T1055
13
Process Injection
T1070
2
Indicator Removal
T1078
Valid Accounts
T1112
90
Modify Registry
T1127
2
Trusted Developer Utilities Proxy Execution
T1134
Access Token Manipulation
T1140
11
Deobfuscate/Decode Files or Information
T1197
4
BITS Jobs
T1202
5
Indirect Command Execution
T1205
Traffic Signaling
T1207
1
Rogue Domain Controller
T1211
Exploitation for Defense Evasion
T1216
2
System Script Proxy Execution
T1218
16
System Binary Proxy Execution
T1220
4
XSL Script Processing
T1221
1
Template Injection
T1222
3
File and Directory Permissions Modification
T1480
Execution Guardrails
T1484
Domain or Tenant Policy Modification
T1497
Virtualization/Sandbox Evasion
T1535
Unused/Unsupported Cloud Regions
T1542
Pre-OS Boot
T1548
Abuse Elevation Control Mechanism
T1550
Use Alternate Authentication Material
T1553
Subvert Trust Controls
T1556
Modify Authentication Process
T1562
3
Impair Defenses
T1564
5
Hide Artifacts
T1574
Hijack Execution Flow
T1578
Modify Cloud Compute Infrastructure
T1599
Network Boundary Bridging
T1600
Weaken Encryption
T1601
Modify System Image
T1610
1
Deploy Container
T1612
1
Build Image on Host
T1620
1
Reflective Code Loading
T1622
1
Debugger Evasion
T1647
1
Plist File Modification
T1656
Impersonation
T1666
Modify Cloud Resource Hierarchy
T1672
Email Spoofing
T1678
Delay Execution
T1679
Selective Exclusion
TA0006
Credential Access
17
T1003
7
OS Credential Dumping
T1040
16
Network Sniffing
T1056
Input Capture
T1110
Brute Force
T1111
Multi-Factor Authentication Interception
T1187
3
Forced Authentication
T1212
Exploitation for Credential Access
T1528
2
Steal Application Access Token
T1539
5
Steal Web Session Cookie
T1552
2
Unsecured Credentials
T1555
8
Credentials from Password Stores
T1556
Modify Authentication Process
T1557
Adversary-in-the-Middle
T1558
Steal or Forge Kerberos Tickets
T1606
Forge Web Credentials
T1621
Multi-Factor Authentication Request Generation
T1649
1
Steal or Forge Authentication Certificates
TA0007
Discovery
34
T1007
8
System Service Discovery
T1010
1
Application Window Discovery
T1012
6
Query Registry
T1016
9
System Network Configuration Discovery
T1018
22
Remote System Discovery
T1033
7
System Owner/User Discovery
T1040
16
Network Sniffing
T1046
12
Network Service Discovery
T1049
7
System Network Connections Discovery
T1057
9
Process Discovery
T1069
Permission Groups Discovery
T1082
40
System Information Discovery
T1083
9
File and Directory Discovery
T1087
Account Discovery
T1120
4
Peripheral Device Discovery
T1124
6
System Time Discovery
T1135
12
Network Share Discovery
T1201
12
Password Policy Discovery
T1217
11
Browser Information Discovery
T1482
8
Domain Trust Discovery
T1497
Virtualization/Sandbox Evasion
T1518
6
Software Discovery
T1526
3
Cloud Service Discovery
T1538
Cloud Service Dashboard
T1580
2
Cloud Infrastructure Discovery
T1613
2
Container and Resource Discovery
T1614
2
System Location Discovery
T1615
5
Group Policy Discovery
T1619
4
Cloud Storage Object Discovery
T1622
1
Debugger Evasion
T1652
5
Device Driver Discovery
T1654
2
Log Enumeration
T1673
Virtual Machine Discovery
T1680
Local Storage Discovery
TA0008
Lateral Movement
9
T1021
Remote Services
T1072
3
Software Deployment Tools
T1080
Taint Shared Content
T1091
1
Replication Through Removable Media
T1210
Exploitation of Remote Services
T1534
Internal Spearphishing
T1550
Use Alternate Authentication Material
T1563
Remote Service Session Hijacking
T1570
2
Lateral Tool Transfer
TA0009
Collection
17
T1005
3
Data from Local System
T1025
1
Data from Removable Media
T1039
2
Data from Network Shared Drive
T1056
Input Capture
T1074
Data Staged
T1113
10
Screen Capture
T1114
Email Collection
T1115
5
Clipboard Data
T1119
4
Automated Collection
T1123
3
Audio Capture
T1125
1
Video Capture
T1185
Browser Session Hijacking
T1213
Data from Information Repositories
T1530
2
Data from Cloud Storage
T1557
Adversary-in-the-Middle
T1560
1
Archive Collected Data
T1602
Data from Configuration Repository
TA0010
Exfiltration
9
T1011
Exfiltration Over Other Network Medium
T1020
2
Automated Exfiltration
T1029
Scheduled Transfer
T1030
2
Data Transfer Size Limits
T1041
2
Exfiltration Over C2 Channel
T1048
4
Exfiltration Over Alternative Protocol
T1052
Exfiltration Over Physical Medium
T1537
Transfer Data to Cloud Account
T1567
Exfiltration Over Web Service
TA0011
Command and Control
18
T1001
Data Obfuscation
T1008
Fallback Channels
T1071
1
Application Layer Protocol
T1090
Proxy
T1092
Communication Through Removable Media
T1095
4
Non-Application Layer Protocol
T1102
Web Service
T1104
Multi-Stage Channels
T1105
39
Ingress Tool Transfer
T1132
Data Encoding
T1205
Traffic Signaling
T1219
15
Remote Access Tools
T1568
Dynamic Resolution
T1571
2
Non-Standard Port
T1572
7
Protocol Tunneling
T1573
1
Encrypted Channel
T1659
Content Injection
T1665
Hide Infrastructure
TA0040
Impact
15
T1485
5
Data Destruction
T1486
10
Data Encrypted for Impact
T1489
8
Service Stop
T1490
13
Inhibit System Recovery
T1491
Defacement
T1495
Firmware Corruption
T1496
2
Resource Hijacking
T1498
Network Denial of Service
T1499
Endpoint Denial of Service
T1529
16
System Shutdown/Reboot
T1531
8
Account Access Removal
T1561
Disk Wipe
T1565
Data Manipulation
T1657
Financial Theft
T1667
Email Bombing
TA0042
Resource Development
8
T1583
Acquire Infrastructure
T1584
Compromise Infrastructure
T1585
Establish Accounts
T1586
Compromise Accounts
T1587
Develop Capabilities
T1588
Obtain Capabilities
T1608
Stage Capabilities
T1650
Acquire Access
TA0043
Reconnaissance
11
T1589
Gather Victim Identity Information
T1590
Gather Victim Network Information
T1591
Gather Victim Org Information
T1592
Gather Victim Host Information
T1593
Search Open Websites/Domains
T1594
Search Victim-Owned Websites
T1595
Active Scanning
T1596
Search Open Technical Databases
T1597
Search Closed Sources
T1598
Phishing for Information
T1681
Search Threat Vendor Data