This is an (unofficial) Japanese localization project for MITRE ATT&CK. Translation proceeds steadily on Transifex.

The original is here: MITRE ATT&CK


Enterprise Matrix

Below are the tactics and techniques representing the MITRE ATT&CK Matrix™ for Enterprise. The Matrix contains information for the following platforms: Windows, macOS, Linux, AWS, GCP, Azure, Azure AD, Office 365, SaaS.

Last Modified: 2019-10-09 18:48:31.906000

Initial Access
- Drive-by Compromise
- Exploit Public-Facing Application
- External Remote Services
- Hardware Additions
- Replication Through Removable Media
- Spearphishing Attachment
- Spearphishing Link
- Spearphishing via Service
- Supply Chain Compromise
- Trusted Relationship
- Valid Accounts

Execution
- AppleScript
- CMSTP
- Command-Line Interface
- Compiled HTML File
- Component Object Model and Distributed COM
- Control Panel Items
- Dynamic Data Exchange
- Execution through API
- Execution through Module Load
- Exploitation for Client Execution
- Graphical User Interface
- InstallUtil
- Launchctl
- Local Job Scheduling
- LSASS Driver
- Mshta
- PowerShell
- Regsvcs/Regasm
- Regsvr32
- Rundll32
- Scheduled Task
- Scripting
- Service Execution
- Signed Binary Proxy Execution
- Signed Script Proxy Execution
- Source
- Space after Filename
- Third-party Software
- Trap
- Trusted Developer Utilities
- User Execution
- Windows Management Instrumentation
- Windows Remote Management
- XSL Script Processing

Persistence
- .bash_profile and .bashrc
- Accessibility Features
- Account Manipulation
- AppCert DLLs
- AppInit DLLs
- Application Shimming
- Authentication Package
- BITS Jobs
- Bootkit
- Browser Extensions
- Change Default File Association
- Component Firmware
- Component Object Model Hijacking
- Create Account
- DLL Search Order Hijacking
- Dylib Hijacking
- Emond
- External Remote Services
- File System Permissions Weakness
- Hidden Files and Directories
- Hooking
- Hypervisor
- Image File Execution Options Injection
- Implant Container Image
- Kernel Modules and Extensions
- Launch Agent
- Launch Daemon
- Launchctl
- LC_LOAD_DYLIB Addition
- Local Job Scheduling
- Login Item
- Logon Scripts
- LSASS Driver
- Modify Existing Service
- Netsh Helper DLL
- New Service
- Office Application Startup
- Path Interception
- Plist Modification
- Port Knocking
- Port Monitors
- PowerShell Profile
- Rc.common
- Re-opened Applications
- Redundant Access
- Registry Run Keys / Startup Folder
- Scheduled Task
- Screensaver
- Security Support Provider
- Server Software Component
- Service Registry Permissions Weakness
- Setuid and Setgid
- Shortcut Modification
- SIP and Trust Provider Hijacking
- Startup Items
- System Firmware
- Systemd Service
- Time Providers
- Trap
- Valid Accounts
- Web Shell
- Windows Management Instrumentation Event Subscription
- Winlogon Helper DLL

Privilege Escalation
- Access Token Manipulation
- Accessibility Features
- AppCert DLLs
- AppInit DLLs
- Application Shimming
- Bypass User Account Control
- DLL Search Order Hijacking
- Dylib Hijacking
- Elevated Execution with Prompt
- Emond
- Exploitation for Privilege Escalation
- Extra Window Memory Injection
- File System Permissions Weakness
- Hooking
- Image File Execution Options Injection
- Launch Daemon
- New Service
- Parent PID Spoofing
- Path Interception
- Plist Modification
- Port Monitors
- PowerShell Profile
- Process Injection
- Scheduled Task
- Service Registry Permissions Weakness
- Setuid and Setgid
- SID-History Injection
- Startup Items
- Sudo
- Sudo Caching
- Valid Accounts
- Web Shell

Defense Evasion
- Access Token Manipulation
- Application Access Token
- Binary Padding
- BITS Jobs
- Bypass User Account Control
- Clear Command History
- CMSTP
- Code Signing
- Compile After Delivery
- Compiled HTML File
- Component Firmware
- Component Object Model Hijacking
- Connection Proxy
- Control Panel Items
- DCShadow
- Deobfuscate/Decode Files or Information
- Disabling Security Tools
- DLL Search Order Hijacking
- DLL Side-Loading
- Execution Guardrails
- Exploitation for Defense Evasion
- Extra Window Memory Injection
- File and Directory Permissions Modification
- File Deletion
- File System Logical Offsets
- Gatekeeper Bypass
- Group Policy Modification
- Hidden Files and Directories
- Hidden Users
- Hidden Window
- HISTCONTROL
- Image File Execution Options Injection
- Indicator Blocking
- Indicator Removal from Tools
- Indicator Removal on Host
- Indirect Command Execution
- Install Root Certificate
- InstallUtil
- Launchctl
- LC_MAIN Hijacking
- Masquerading
- Modify Registry
- Mshta
- Network Share Connection Removal
- NTFS File Attributes
- Obfuscated Files or Information
- Parent PID Spoofing
- Plist Modification
- Port Knocking
- Process Doppelgänging
- Process Hollowing
- Process Injection
- Redundant Access
- Regsvcs/Regasm
- Regsvr32
- Revert Cloud Instance
- Rootkit
- Rundll32
- Scripting
- Signed Binary Proxy Execution
- Signed Script Proxy Execution
- SIP and Trust Provider Hijacking
- Software Packing
- Space after Filename
- Template Injection
- Timestomp
- Trusted Developer Utilities
- Unused/Unsupported Cloud Regions
- Valid Accounts
- Virtualization/Sandbox Evasion
- Web Service
- Web Session Cookie
- XSL Script Processing

Credential Access
- Account Manipulation
- Bash History
- Brute Force
- Cloud Instance Metadata API
- Credential Dumping
- Credentials from Web Browsers
- Credentials in Files
- Credentials in Registry
- Exploitation for Credential Access
- Forced Authentication
- Hooking
- Input Capture
- Input Prompt
- Kerberoasting
- Keychain
- LLMNR/NBT-NS Poisoning and Relay
- Network Sniffing
- Password Filter DLL
- Private Keys
- Securityd Memory
- Steal Application Access Token
- Steal Web Session Cookie
- Two-Factor Authentication Interception

Discovery
- Account Discovery
- Application Window Discovery
- Browser Bookmark Discovery
- Cloud Service Dashboard
- Cloud Service Discovery
- Domain Trust Discovery
- File and Directory Discovery
- Network Service Scanning
- Network Share Discovery
- Network Sniffing
- Password Policy Discovery
- Peripheral Device Discovery
- Permission Groups Discovery
- Process Discovery
- Query Registry
- Remote System Discovery
- Security Software Discovery
- Software Discovery
- System Information Discovery
- System Network Configuration Discovery
- System Network Connections Discovery
- System Owner/User Discovery
- System Service Discovery
- System Time Discovery
- Virtualization/Sandbox Evasion

Lateral Movement
- AppleScript
- Application Access Token
- Application Deployment Software
- Component Object Model and Distributed COM
- Exploitation of Remote Services
- Internal Spearphishing
- Logon Scripts
- Pass the Hash
- Pass the Ticket
- Remote Desktop Protocol
- Remote File Copy
- Remote Services
- Replication Through Removable Media
- Shared Webroot
- SSH Hijacking
- Taint Shared Content
- Third-party Software
- Web Session Cookie
- Windows Admin Shares
- Windows Remote Management

Collection
- Audio Capture
- Automated Collection
- Clipboard Data
- Data from Cloud Storage Object
- Data from Information Repositories
- Data from Local System
- Data from Network Shared Drive
- Data from Removable Media
- Data Staged
- Email Collection
- Input Capture
- Man in the Browser
- Screen Capture
- Video Capture

Command and Control
- Commonly Used Port
- Communication Through Removable Media
- Connection Proxy
- Custom Command and Control Protocol
- Custom Cryptographic Protocol
- Data Encoding
- Data Obfuscation
- Domain Fronting
- Domain Generation Algorithms
- Fallback Channels
- Multi-hop Proxy
- Multi-Stage Channels
- Multiband Communication
- Multilayer Encryption
- Port Knocking
- Remote Access Tools
- Remote File Copy
- Standard Application Layer Protocol
- Standard Cryptographic Protocol
- Standard Non-Application Layer Protocol
- Uncommonly Used Port
- Web Service

Exfiltration
- Automated Exfiltration
- Data Compressed
- Data Encrypted
- Data Transfer Size Limits
- Exfiltration Over Alternative Protocol
- Exfiltration Over Command and Control Channel
- Exfiltration Over Other Network Medium
- Exfiltration Over Physical Medium
- Scheduled Transfer
- Transfer Data to Cloud Account

Impact
- Account Access Removal
- Data Destruction
- Data Encrypted for Impact
- Defacement
- Disk Content Wipe
- Disk Structure Wipe
- Endpoint Denial of Service
- Firmware Corruption
- Inhibit System Recovery
- Network Denial of Service
- Resource Hijacking
- Runtime Data Manipulation
- Service Stop
- Stored Data Manipulation
- System Shutdown/Reboot
- Transmitted Data Manipulation