Drive-by Compromise (infection via web browsing)
|
AppleScript
|
.bash_profile and .bashrc
|
Access Token Manipulation
|
Access Token Manipulation
|
Account Manipulation
|
Account Discovery
|
AppleScript
|
Audio Capture
|
Commonly Used Port
|
Automated Exfiltration
|
Account Access Removal
|
Exploit Public-Facing Application
|
CMSTP
|
Accessibility Features
|
Accessibility Features
|
Application Access Token
|
Bash History
|
Application Window Discovery
|
Application Access Token
|
Automated Collection
|
Communication Through Removable Media
|
Data Compressed
|
Data Destruction
|
External Remote Services
|
Command-Line Interface
|
Account Manipulation
|
AppCert DLLs
|
Binary Padding
|
Brute Force
|
Browser Bookmark Discovery
|
Application Deployment Software
|
Clipboard Data
|
Connection Proxy
|
Data Encrypted
|
Data Encrypted for Impact
|
Hardware Additions
|
Compiled HTML File
|
AppCert DLLs
|
AppInit DLLs
|
BITS Jobs
|
Cloud Instance Metadata API
|
Cloud Service Dashboard
|
Component Object Model and Distributed COM
|
Data from Cloud Storage Object
|
Custom Command and Control Protocol
|
Data Transfer Size Limits
|
Defacement
|
Replication Through Removable Media
|
Component Object Model and Distributed COM
|
AppInit DLLs
|
Application Shimming
|
Bypass User Account Control
|
Credential Dumping
|
Cloud Service Discovery
|
Exploitation of Remote Services
|
Data from Information Repositories
|
Custom Cryptographic Protocol
|
Exfiltration Over Alternative Protocol
|
Disk Content Wipe
|
Spearphishing Attachment
|
Control Panel Items
|
Application Shimming
|
Bypass User Account Control
|
Clear Command History
|
Credentials from Web Browsers
|
Domain Trust Discovery
|
Internal Spearphishing
|
Data from Local System
|
Data Encoding
|
Exfiltration Over Command and Control Channel
|
Disk Structure Wipe
|
Spearphishing Link
|
Dynamic Data Exchange
|
Authentication Package
|
DLL Search Order Hijacking
|
CMSTP
|
Credentials in Files
|
File and Directory Discovery
|
Logon Scripts
|
Data from Network Shared Drive
|
Data Obfuscation
|
Exfiltration Over Other Network Medium
|
Endpoint Denial of Service
|
Spearphishing via Service
|
Execution through API
|
BITS Jobs
|
Dylib Hijacking
|
Code Signing
|
Credentials in Registry
|
Network Service Scanning
|
Pass the Hash
|
Data from Removable Media
|
Domain Fronting
|
Exfiltration Over Physical Medium
|
Firmware Corruption
|
Supply Chain Compromise
|
Execution through Module Load
|
Bootkit
|
Elevated Execution with Prompt
|
Compile After Delivery
|
Exploitation for Credential Access
|
Network Share Discovery
|
Pass the Ticket
|
Data Staged
|
Domain Generation Algorithms
|
Scheduled Transfer
|
Inhibit System Recovery
|
Trusted Relationship
|
Exploitation for Client Execution
|
Browser Extensions
|
Emond
|
Compiled HTML File
|
Forced Authentication
|
Network Sniffing
|
Remote Desktop Protocol
|
Email Collection
|
Fallback Channels
|
Transfer Data to Cloud Account
|
Network Denial of Service
|
Valid Accounts
|
Graphical User Interface
|
Change Default File Association
|
Exploitation for Privilege Escalation
|
Component Firmware
|
Hooking
|
Password Policy Discovery
|
Remote File Copy
|
Input Capture
|
Multi-hop Proxy
|
|
Resource Hijacking
|
|
InstallUtil
|
Component Firmware
|
|
Component Object Model Hijacking
|
Input Capture
|
Peripheral Device Discovery
|
Remote Services
|
Man in the Browser
|
Multi-Stage Channels
|
|
Runtime Data Manipulation
|
|
Launchctl
|
Component Object Model Hijacking
|
File System Permissions Weakness
|
Connection Proxy
|
Input Prompt
|
Permission Groups Discovery
|
Replication Through Removable Media
|
Screen Capture
|
Multiband Communication
|
|
Service Stop
|
|
Local Job Scheduling
|
Create Account
|
Hooking
|
Control Panel Items
|
Kerberoasting
|
Process Discovery
|
Shared Webroot
|
Video Capture
|
Multilayer Encryption
|
|
Stored Data Manipulation
|
|
LSASS Driver
|
DLL Search Order Hijacking
|
Image File Execution Options Injection
|
DCShadow
|
Keychain
|
Query Registry
|
SSH Hijacking
|
|
Port Knocking
|
|
System Shutdown/Reboot
|
|
Mshta
|
Dylib Hijacking
|
Launch Daemon
|
Deobfuscate/Decode Files or Information
|
LLMNR/NBT-NS Poisoning and Relay
|
Remote System Discovery
|
Taint Shared Content
|
|
Remote Access Tools
|
|
Transmitted Data Manipulation
|
|
PowerShell
|
Emond
|
New Service
|
Disabling Security Tools
|
Network Sniffing
|
Security Software Discovery
|
Third-party Software
|
|
Remote File Copy
|
|
|
|
Regsvcs/Regasm
|
External Remote Services
|
Parent PID Spoofing
|
DLL Search Order Hijacking
|
Password Filter DLL
|
Software Discovery
|
Web Session Cookie
|
|
Standard Application Layer Protocol
|
|
|
|
Regsvr32
|
File System Permissions Weakness
|
Path Interception
|
DLL Side-Loading
|
Private Keys
|
System Information Discovery
|
Windows Admin Shares
|
|
Standard Cryptographic Protocol
|
|
|
|
Rundll32
|
Hidden Files and Directories
|
Plist Modification
|
Execution Guardrails
|
Securityd Memory
|
System Network Configuration Discovery
|
Windows Remote Management
|
|
Standard Non-Application Layer Protocol
|
|
|
|
Scheduled Task
|
Hooking
|
Port Monitors
|
Exploitation for Defense Evasion
|
Steal Application Access Token
|
System Network Connections Discovery
|
|
|
Uncommonly Used Port
|
|
|
|
Scripting
|
Hypervisor
|
PowerShell Profile
|
|
Steal Web Session Cookie
|
System Owner/User Discovery
|
|
|
Web Service
|
|
|
|
Service Execution
|
Image File Execution Options Injection
|
Process Injection
|
File and Directory Permissions Modification
|
Two-Factor Authentication Interception
|
System Service Discovery
|
|
|
|
|
|
|
Signed Binary Proxy Execution
|
Implant Container Image
|
Scheduled Task
|
File Deletion
|
|
System Time Discovery
|
|
|
|
|
|
|
Signed Script Proxy Execution
|
Kernel Modules and Extensions
|
Service Registry Permissions Weakness
|
File System Logical Offsets
|
|
Virtualization/Sandbox Evasion
|
|
|
|
|
|
|
Source
|
Launch Agent
|
Setuid and Setgid
|
Gatekeeper Bypass
|
|
|
|
|
|
|
|
|
Space after Filename
|
Launch Daemon
|
SID-History Injection
|
Group Policy Modification
|
|
|
|
|
|
|
|
|
Third-party Software
|
Launchctl
|
Startup Items
|
Hidden Files and Directories
|
|
|
|
|
|
|
|
|
Trap
|
LC_LOAD_DYLIB Addition
|
Sudo
|
Hidden Users
|
|
|
|
|
|
|
|
|
Trusted Developer Utilities
|
Local Job Scheduling
|
Sudo Caching
|
Hidden Window
|
|
|
|
|
|
|
|
|
User Execution
|
Login Item
|
Valid Accounts
|
HISTCONTROL
|
|
|
|
|
|
|
|
|
Windows Management Instrumentation
|
Logon Scripts
|
Web Shell
|
Image File Execution Options Injection
|
|
|
|
|
|
|
|
|
Windows Remote Management
|
LSASS Driver
|
|
Indicator Blocking
|
|
|
|
|
|
|
|
|
XSL Script Processing
|
Modify Existing Service
|
|
Indicator Removal from Tools
|
|
|
|
|
|
|
|
|
|
Netsh Helper DLL
|
|
Indicator Removal on Host
|
|
|
|
|
|
|
|
|
|
New Service
|
|
Indirect Command Execution
|
|
|
|
|
|
|
|
|
|
Office Application Startup
|
|
Install Root Certificate
|
|
|
|
|
|
|
|
|
|
Path Interception
|
|
InstallUtil
|
|
|
|
|
|
|
|
|
|
Plist Modification
|
|
Launchctl
|
|
|
|
|
|
|
|
|
|
Port Knocking
|
|
LC_MAIN Hijacking
|
|
|
|
|
|
|
|
|
|
Port Monitors
|
|
Masquerading
|
|
|
|
|
|
|
|
|
|
PowerShell Profile
|
|
Modify Registry
|
|
|
|
|
|
|
|
|
|
Rc.common
|
|
Mshta
|
|
|
|
|
|
|
|
|
|
Re-opened Applications
|
|
Network Share Connection Removal
|
|
|
|
|
|
|
|
|
|
Redundant Access
|
|
NTFS File Attributes
|
|
|
|
|
|
|
|
|
|
Registry Run Keys / Startup Folder
|
|
Obfuscated Files or Information
|
|
|
|
|
|
|
|
|
|
Scheduled Task
|
|
Parent PID Spoofing
|
|
|
|
|
|
|
|
|
|
Screensaver
|
|
Plist Modification
|
|
|
|
|
|
|
|
|
|
Security Support Provider
|
|
Port Knocking
|
|
|
|
|
|
|
|
|
|
Server Software Component
|
|
Process Doppelgänging
|
|
|
|
|
|
|
|
|
|
Service Registry Permissions Weakness
|
|
Process Hollowing
|
|
|
|
|
|
|
|
|
|
Setuid and Setgid
|
|
Process Injection
|
|
|
|
|
|
|
|
|
|
Shortcut Modification
|
|
Redundant Access
|
|
|
|
|
|
|
|
|
|
SIP and Trust Provider Hijacking
|
|
Regsvcs/Regasm
|
|
|
|
|
|
|
|
|
|
Startup Items
|
|
Regsvr32
|
|
|
|
|
|
|
|
|
|
System Firmware
|
|
Revert Cloud Instance
|
|
|
|
|
|
|
|
|
|
Systemd Service
|
|
Rootkit
|
|
|
|
|
|
|
|
|
|
Time Providers
|
|
Rundll32
|
|
|
|
|
|
|
|
|
|
Trap
|
|
Scripting
|
|
|
|
|
|
|
|
|
|
Valid Accounts
|
|
Signed Binary Proxy Execution
|
|
|
|
|
|
|
|
|
|
Web Shell
|
|
Signed Script Proxy Execution
|
|
|
|
|
|
|
|
|
|
Windows Management Instrumentation Event Subscription
|
|
SIP and Trust Provider Hijacking
|
|
|
|
|
|
|
|
|
|
Winlogon Helper DLL
|
|
Software Packing
|
|
|
|
|
|
|
|
|
|
|
|
Space after Filename
|
|
|
|
|
|
|
|
|
|
|
|
Template Injection
|
|
|
|
|
|
|
|
|
|
|
|
Timestomp
|
|
|
|
|
|
|
|
|
|
|
|
Trusted Developer Utilities
|
|
|
|
|
|
|
|
|
|
|
|
Unused/Unsupported Cloud Regions
|
|
|
|
|
|
|
|
|
|
|
|
Valid Accounts
|
|
|
|
|
|
|
|
|
|
|
|
Virtualization/Sandbox Evasion
|
|
|
|
|
|
|
|
|
|
|
|
Web Service
|
|
|
|
|
|
|
|
|
|
|
|
Web Session Cookie
|
|
|
|
|
|
|
|
|
|
|
|
XSL Script Processing
|
|
|
|
|
|
|
|