Enterprise Matrix

Below are the tactics and technique representing the MITRE ATT&CK Matrix™ for Enterprise. The Matrix contains information for the following platforms: Windows, macOS, Linux, AWS, GCP, Azure, Azure AD, Office 365, SaaS.

Last Modified: 2019-10-09 18:48:31.906000

Initial Access　初期のアクセス	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Drive-by Compromise Web閲覧による感染	AppleScript	.bash_profile and .bashrc .bash_profile と .bashrc	Access Token Manipulation アクセストークンの操作	Access Token Manipulation アクセストークンの操作	Account Manipulation アカウント操作	Account Discovery アカウントの探索	AppleScript	Audio Capture	Commonly Used Port	Automated Exfiltration	Account Access Removal アカウントアクセスの削除
Exploit Public-Facing Application 外部公開されたアプリケーションへの攻撃	CMSTP	Accessibility Features アクセシビリティ機能	Accessibility Features アクセシビリティ機能	Application Access Token	Bash History	Application Window Discovery	Application Access Token	Automated Collection	Communication Through Removable Media	Data Compressed	Data Destruction
External Remote Services 外部リモートサービス	Command-Line Interface	Account Manipulation アカウント操作	AppCert DLLs	Binary Padding	Brute Force ブルートフォース	Browser Bookmark Discovery	Application Deployment Software	Clipboard Data	Connection Proxy	Data Encrypted	Data Encrypted for Impact
Hardware Additions	Compiled HTML File	AppCert DLLs	AppInit DLLs	BITS Jobs	Cloud Instance Metadata API	Cloud Service Dashboard	Component Object Model and Distributed COM	Data from Cloud Storage Object	Custom Command and Control Protocol	Data Transfer Size Limits	Defacement
Replication Through Removable Media リムーバブルメディアを介した複製	Component Object Model and Distributed COM	AppInit DLLs	Application Shimming	Bypass User Account Control	Credential Dumping	Cloud Service Discovery	Exploitation of Remote Services	Data from Information Repositories	Custom Cryptographic Protocol	Exfiltration Over Alternative Protocol	Disk Content Wipe
Spearphishing Attachment	Control Panel Items	Application Shimming	Bypass User Account Control	Clear Command History	Credentials from Web Browsers	Domain Trust Discovery	Internal Spearphishing	Data from Local System	Data Encoding	Exfiltration Over Command and Control Channel	Disk Structure Wipe
Spearphishing Link	Dynamic Data Exchange	Authentication Package	DLL Search Order Hijacking	CMSTP	Credentials in Files	File and Directory Discovery	Logon Scripts	Data from Network Shared Drive	Data Obfuscation	Exfiltration Over Other Network Medium	Endpoint Denial of Service
Spearphishing via Service	Execution through API	BITS Jobs	Dylib Hijacking	Code Signing	Credentials in Registry	Network Service Scanning	Pass the Hash	Data from Removable Media	Domain Fronting	Exfiltration Over Physical Medium	Firmware Corruption
Supply Chain Compromise	Execution through Module Load	Bootkit	Elevated Execution with Prompt	Compile After Delivery	Exploitation for Credential Access	Network Share Discovery	Pass the Ticket	Data Staged	Domain Generation Algorithms	Scheduled Transfer	Inhibit System Recovery
Trusted Relationship	Exploitation for Client Execution	Browser Extensions	Emond	Compiled HTML File	Forced Authentication	Network Sniffing	Remote Desktop Protocol	Email Collection	Fallback Channels	Transfer Data to Cloud Account	Network Denial of Service
Valid Accounts 正当なアカウント	Graphical User Interface	Change Default File Association	Exploitation for Privilege Escalation	Component Firmware	Hooking	Password Policy Discovery	Remote File Copy	Input Capture	Multi-hop Proxy		Resource Hijacking
	InstallUtil	Component Firmware	Extra Window Memory Injection	Component Object Model Hijacking	Input Capture	Peripheral Device Discovery	Remote Services	Man in the Browser	Multi-Stage Channels		Runtime Data Manipulation
	Launchctl	Component Object Model Hijacking	File System Permissions Weakness	Connection Proxy	Input Prompt	Permission Groups Discovery	Replication Through Removable Media リムーバブルメディアを介した複製	Screen Capture	Multiband Communication		Service Stop
	Local Job Scheduling	Create Account	Hooking	Control Panel Items	Kerberoasting	Process Discovery	Shared Webroot	Video Capture	Multilayer Encryption		Stored Data Manipulation
	LSASS Driver	DLL Search Order Hijacking	Image File Execution Options Injection	DCShadow	Keychain	Query Registry	SSH Hijacking		Port Knocking		System Shutdown/Reboot
	Mshta	Dylib Hijacking	Launch Daemon	Deobfuscate/Decode Files or Information	LLMNR/NBT-NS Poisoning and Relay	Remote System Discovery	Taint Shared Content		Remote Access Tools		Transmitted Data Manipulation
	PowerShell	Emond	New Service	Disabling Security Tools	Network Sniffing	Security Software Discovery	Third-party Software		Remote File Copy
	Regsvcs/Regasm	External Remote Services 外部リモートサービス	Parent PID Spoofing	DLL Search Order Hijacking	Password Filter DLL	Software Discovery	Web Session Cookie		Standard Application Layer Protocol
	Regsvr32	File System Permissions Weakness	Path Interception	DLL Side-Loading	Private Keys	System Information Discovery	Windows Admin Shares Windowsの管理共有		Standard Cryptographic Protocol
	Rundll32	Hidden Files and Directories	Plist Modification	Execution Guardrails	Securityd Memory	System Network Configuration Discovery	Windows Remote Management		Standard Non-Application Layer Protocol
	Scheduled Task	Hooking	Port Monitors	Exploitation for Defense Evasion	Steal Application Access Token	System Network Connections Discovery			Uncommonly Used Port
	Scripting	Hypervisor	PowerShell Profile	Extra Window Memory Injection	Steal Web Session Cookie	System Owner/User Discovery システムオーナー/ユーザの探索			Web Service
	Service Execution	Image File Execution Options Injection	Process Injection	File and Directory Permissions Modification	Two-Factor Authentication Interception	System Service Discovery
	Signed Binary Proxy Execution	Implant Container Image	Scheduled Task	File Deletion		System Time Discovery
	Signed Script Proxy Execution	Kernel Modules and Extensions	Service Registry Permissions Weakness	File System Logical Offsets		Virtualization/Sandbox Evasion
	Source	Launch Agent	Setuid and Setgid	Gatekeeper Bypass
	Space after Filename	Launch Daemon	SID-History Injection	Group Policy Modification
	Third-party Software	Launchctl	Startup Items	Hidden Files and Directories
	Trap	LC_LOAD_DYLIB Addition	Sudo	Hidden Users
	Trusted Developer Utilities	Local Job Scheduling	Sudo Caching	Hidden Window
	User Execution	Login Item	Valid Accounts 正当なアカウント	HISTCONTROL
	Windows Management Instrumentation	Logon Scripts	Web Shell	Image File Execution Options Injection
	Windows Remote Management	LSASS Driver		Indicator Blocking
	XSL Script Processing	Modify Existing Service		Indicator Removal from Tools
		Netsh Helper DLL		Indicator Removal on Host
		New Service		Indirect Command Execution
		Office Application Startup		Install Root Certificate
		Path Interception		InstallUtil
		Plist Modification		Launchctl
		Port Knocking		LC_MAIN Hijacking
		Port Monitors		Masquerading
		PowerShell Profile		Modify Registry
		Rc.common		Mshta
		Re-opened Applications		Network Share Connection Removal
		Redundant Access		NTFS File Attributes
		Registry Run Keys / Startup Folder		Obfuscated Files or Information
		Scheduled Task		Parent PID Spoofing
		Screensaver		Plist Modification
		Security Support Provider		Port Knocking
		Server Software Component		Process Doppelgänging
		Service Registry Permissions Weakness		Process Hollowing
		Setuid and Setgid		Process Injection
		Shortcut Modification		Redundant Access
		SIP and Trust Provider Hijacking		Regsvcs/Regasm
		Startup Items		Regsvr32
		System Firmware		Revert Cloud Instance
		Systemd Service		Rootkit
		Time Providers		Rundll32
		Trap		Scripting
		Valid Accounts 正当なアカウント		Signed Binary Proxy Execution
		Web Shell		Signed Script Proxy Execution
		Windows Management Instrumentation Event Subscription		SIP and Trust Provider Hijacking
		Winlogon Helper DLL		Software Packing
				Space after Filename
				Template Injection
				Timestomp
				Trusted Developer Utilities
				Unused/Unsupported Cloud Regions
				Valid Accounts 正当なアカウント
				Virtualization/Sandbox Evasion
				Web Service
				Web Session Cookie
				XSL Script Processing