- Application Layer Protocol: Adversaries use application layer protocols for communication and data transfer within a target network.
- Boot or Logon Autostart Execution: This technique involves configuring mechanisms for executing malicious code during system boot or login.
- Command and Scripting Interpreter: Adversaries use interpreters to execute commands, scripts, or code on a victim's system.
- Shortcut Modification: Modification of shortcut files (.lnk) to execute malicious commands when accessed.
- Remote File Copy: Copying files from a remote system to the local system for lateral movement or data exfiltration.
- Masquerading: Adversaries attempt to masquerade as legitimate entities or software to evade detection.
- Obfuscated Files or Information: Adversaries use obfuscation techniques to hide or protect malicious code, scripts, or other data.
- Phishing: Adversaries use phishing emails or messages to deliver malicious payloads or trick victims into revealing sensitive information.
- Service Stop: Attackers stop or disable essential services or processes to disrupt or compromise a target system.
- System Information Discovery: Adversaries gather information about the target system, such as hardware, software, or network configurations.
- System Owner/User Discovery: This technique involves adversaries identifying and gathering information about the system owner or user accounts on a target system.
- User Execution: Adversaries rely on user interactions, such as opening malicious attachments or clicking on links, to execute malicious code.
- Abuse Elevation Control Mechanism: Attackers exploit mechanisms designed to control privilege elevation to gain higher levels of access.
- Data from Information Repositories: Adversaries search for and steal sensitive information stored in information repositories.
- Signed Binary Proxy Execution: This technique involves the use of signed binaries to proxy execution of malicious code.
- System Network Configuration Discovery: Adversaries gather information about the network configuration of a target system.