V13
Updates - April 2023
New Techniques
Acquire Access
(v1.0) T1650
Acquire Infrastructure:
Malvertising
(v1.0)
Cloud Administration Command
(v1.0)
Command and Scripting Interpreter:
Cloud API
(v1.0)
Device Driver Discovery
(v1.0)
Exfiltration Over Web Service:
Exfiltration to Text Storage Sites
(v1.0)
Impair Defenses:
Spoof Security Alerting
(v1.0)
Masquerading:
Masquerade File Type
(v1.0)
Modify Authentication Process:
Network Provider DLL
(v1.0)
Obfuscated Files or Information:
Command Obfuscation
(v1.0)
Obfuscated Files or Information:
Fileless Storage
(v1.0)
Remote Services:
Cloud Services
(v1.0)
Unsecured Credentials:
Chat Messages
(v1.0)
Major Version Changes
Browser Information Discovery
(v1.0→v2.0)
Minor Version Changes
Abuse Elevation Control Mechanism
(v1.0→v1.1)
Bypass User Account Control
(v2.0→v2.1)
Access Token Manipulation:
Create Process with Token
(v1.1→v1.2)
Access Token Manipulation:
Make and Impersonate Token
(v1.0→v1.1)
Access Token Manipulation:
Token Impersonation/Theft
(v1.0→v1.1)
Account Access Removal
(v1.1→v1.2)
Account Discovery
(v2.3→v2.4)
Domain Account
(v1.1→v1.2)
Local Account
(v1.3→v1.4)
Account Manipulation
(v2.4→v2.5)
Additional Cloud Credentials
(v2.4→v2.5)
Additional Cloud Roles
(v2.1→v2.2)
Device Registration
(v1.0→v1.1)
SSH Authorized Keys
(v1.1→v1.2)
Acquire Infrastructure
(v1.1→v1.2)
Server
(v1.1→v1.2)
Web Services
(v1.1→v1.2)
Application Layer Protocol
(v2.0→v2.1)
Web Protocols
(v1.0→v1.1)
Application Window Discovery
(v1.2→v1.3)
Archive Collected Data:
Archive via Utility
(v1.1→v1.2)
Automated Exfiltration:
Traffic Duplication
(v1.1→v1.2)
BITS Jobs
(v1.3→v1.4)
Brute Force
(v2.4→v2.5)
Credential Stuffing
(v1.2→v1.3)
Password Guessing
(v1.3→v1.4)
Password Spraying
(v1.2→v1.3)
Build Image on Host
(v1.2→v1.3)
Clipboard Data
(v1.1→v1.2)
Cloud Service Discovery
(v1.2→v1.3)
Command and Scripting Interpreter
(v2.3→v2.4)
PowerShell
(v1.2→v1.3)
Visual Basic
(v1.3→v1.4)
Compromise Accounts
(v1.1→v1.2)
Email Accounts
(v1.0→v1.1)
Compromise Infrastructure
(v1.2→v1.3)
Domains
(v1.2→v1.3)
Server
(v1.1→v1.2)
Web Services
(v1.1→v1.2)
Container Administration Command
(v1.1→v1.2)
Container and Resource Discovery
(v1.0→v1.1)
Create Account
(v2.2→v2.3)
Cloud Account
(v1.2→v1.3)
Local Account
(v1.1→v1.2)
Create or Modify System Process:
Systemd Service
(v1.2→v1.3)
Create or Modify System Process:
Windows Service
(v1.2→v1.3)
Data Encoding
(v1.1→v1.2)
Data from Local System
(v1.5→v1.6)
Deobfuscate/Decode Files or Information
(v1.1→v1.2)
Deploy Container
(v1.1→v1.2)
Disk Wipe
(v1.0→v1.1)
Disk Structure Wipe
(v1.0→v1.1)
Drive-by Compromise
(v1.4→v1.5)
Email Collection
(v2.3→v2.4)
Email Forwarding Rule
(v1.2→v1.3)
Escape to Host
(v1.3→v1.4)
Event Triggered Execution:
Accessibility Features
(v1.0→v1.1)
Event Triggered Execution:
AppInit DLLs
(v1.0→v1.1)
Event Triggered Execution:
Component Object Model Hijacking
(v1.0→v1.1)
Event Triggered Execution:
Screensaver
(v1.0→v1.1)
Event Triggered Execution:
Windows Management Instrumentation Event Subscription
(v1.2→v1.3)
Exfiltration Over Alternative Protocol
(v1.3→v1.4)
Exfiltration Over Unencrypted Non-C2 Protocol
(v2.0→v2.1)
Exfiltration Over C2 Channel
(v2.1→v2.2)
Exploit Public-Facing Application
(v2.3→v2.4)
Exploitation for Privilege Escalation
(v1.4→v1.5)
File and Directory Permissions Modification:
Windows File and Directory Permissions Modification
(v1.1→v1.2)
Forge Web Credentials
(v1.2→v1.3)
Gather Victim Identity Information:
Credentials
(v1.0→v1.1)
Group Policy Discovery
(v1.0→v1.1)
Hide Artifacts:
Email Hiding Rules
(v1.1→v1.2)
Impair Defenses
(v1.3→v1.4)
Disable Cloud Logs
(v1.2→v1.3)
Disable Windows Event Logging
(v1.1→v1.2)
Disable or Modify Cloud Firewall
(v1.1→v1.2)
Disable or Modify System Firewall
(v1.0→v1.1)
Disable or Modify Tools
(v1.3→v1.4)
Indicator Blocking
(v1.1→v1.2)
Indicator Removal
(v2.0→v2.1)
Clear Command History
(v1.3→v1.4)
Clear Mailbox Data
(v1.0→v1.1)
Clear Persistence
(v1.0→v1.1)
Clear Windows Event Logs
(v1.1→v1.2)
Network Share Connection Removal
(v1.0→v1.1)
Ingress Tool Transfer
(v2.1→v2.2)
Inhibit System Recovery
(v1.1→v1.2)
Masquerading
(v1.4→v1.5)
Rename System Utilities
(v1.0→v1.1)
Modify Authentication Process
(v2.2→v2.3)
Modify Registry
(v1.2→v1.3)
Multi-Factor Authentication Interception
(v2.0→v2.1)
Network Sniffing
(v1.3→v1.4)
Non-Application Layer Protocol
(v2.1→v2.2)
Non-Standard Port
(v1.0→v1.1)
OS Credential Dumping:
LSASS Memory
(v1.1→v1.2)
OS Credential Dumping:
Proc Filesystem
(v1.0→v1.1)
Obfuscated Files or Information
(v1.3→v1.4)
Permission Groups Discovery
(v2.4→v2.5)
Cloud Groups
(v1.3→v1.4)
Domain Groups
(v1.1→v1.2)
Local Groups
(v1.1→v1.2)
Phishing
(v2.2→v2.3)
Spearphishing Link
(v2.3→v2.4)
Phishing for Information
(v1.1→v1.2)
Spearphishing Link
(v1.3→v1.4)
Process Discovery
(v1.2→v1.3)
Query Registry
(v1.2→v1.3)
Remote Services
(v1.2→v1.3)
Distributed Component Object Model
(v1.1→v1.2)
SMB/Windows Admin Shares
(v1.0→v1.1)
Scheduled Task/Job:
Container Orchestration Job
(v1.2→v1.3)
Scheduled Task/Job:
Scheduled Task
(v1.2→v1.3)
Software Discovery:
Security Software Discovery
(v1.3→v1.4)
Stage Capabilities:
Drive-by Target
(v1.2→v1.3)
Stage Capabilities:
Link Target
(v1.2→v1.3)
Stage Capabilities:
Upload Malware
(v1.1→v1.2)
Steal or Forge Authentication Certificates
(v1.0→v1.1)
System Binary Proxy Execution:
CMSTP
(v2.0→v2.1)
System Binary Proxy Execution:
Compiled HTML File
(v2.0→v2.1)
System Binary Proxy Execution:
Regsvr32
(v2.0→v2.1)
System Binary Proxy Execution:
Rundll32
(v2.0→v2.1)
System Owner/User Discovery
(v1.3→v1.4)
System Service Discovery
(v1.4→v1.5)
System Shutdown/Reboot
(v1.2→v1.3)
System Time Discovery
(v1.2→v1.3)
Unsecured Credentials
(v1.2→v1.3)
Cloud Instance Metadata API
(v1.3→v1.4)
Container API
(v1.1→v1.2)
Private Keys
(v1.0→v1.1)
Use Alternate Authentication Material:
Application Access Token
(v1.4→v1.5)
User Execution:
Malicious File
(v1.2→v1.3)
Valid Accounts
(v2.5→v2.6)
Cloud Accounts
(v1.4→v1.5)
Domain Accounts
(v1.2→v1.3)
Local Accounts
(v1.2→v1.3)
Windows Management Instrumentation
(v1.2→v1.3)
Contact:
@amj_trans
MITRE ATT&CK Japanese Translation Project