{"meta":{"status":200,"terms-of-use":"All data returned by this API is confidential and proprietary information of Tidal Cyber Inc. ('Tidal Cyber'). Use of the data returned by this API is governed by the Tidal Cyber Terms of Use, available at https://www.tidalcyber.com/terms-of-use, or, if applicable, the agreement between Tidal Cyber and the organization on behalf of which you are using this API and the information returned by this API."},"data":[{"id":"2706dc98-724b-4cf0-84b6-56cc20b0698e","name":"Reconnaissance","description":"The adversary is trying to gather information they can use to plan future operations.\n\nReconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.","ordinal_position":1,"source":"MITRE","tactic_attack_id":"TA0043","owner_name":null,"techniques":[{"id":"1bf63f68-62ec-51e4-9714-496a7a18c10f","name":"Search Threat Vendor Data","source":"MITRE","technique_attack_id":"T1681","technique_id":"6a7d29ba-ac3e-5286-9a38-8ce67208973b","owner_id":null},{"id":"0c57b186-ab1b-4ba8-b626-f0fe8074e91b","name":"Gather Victim Host Information","source":"MITRE","technique_attack_id":"T1592","technique_id":"4acf57da-73c1-4555-a86a-38ea4a8b962d","owner_id":null},{"id":"2ddb80ee-ca47-4b0d-9dc8-8b302297a2b7","name":"Digital Certificates","source":"MITRE","technique_attack_id":"T1596.003","technique_id":"8f707326-d673-43ee-b269-4b6eca5b190a","owner_id":null},{"id":"17c38ff3-ebc3-4874-9ed9-49526c8fcd82","name":"Purchase Technical Data","source":"MITRE","technique_attack_id":"T1597.002","technique_id":"56ab198f-f8bb-4fe9-bd85-5975d4d3863b","owner_id":null},{"id":"d8d32936-07f2-431e-a5fb-9d63ec705a26","name":"IP Addresses","source":"MITRE","technique_attack_id":"T1590.005","technique_id":"5c3c8da1-ed0c-4b79-9794-c2fc55588ad9","owner_id":null},{"id":"5d86e1fd-3968-4611-bf27-eb5f05922689","name":"DNS","source":"MITRE","technique_attack_id":"T1590.002","technique_id":"cb4ec901-fe61-4b44-8ad7-7d3d9a9bc809","owner_id":null},{"id":"204197f6-2d72-470a-9369-d0e1e2972e22","name":"WHOIS","source":"MITRE","technique_attack_id":"T1596.002","technique_id":"ef55dc56-f2eb-4a3b-a271-3f73b4700c89","owner_id":null},{"id":"2c717fe4-42f0-4328-a796-1142da555c0d","name":"Search Victim-Owned Websites","source":"MITRE","technique_attack_id":"T1594","technique_id":"c55c0462-d59f-4bd8-9728-05cf711917b0","owner_id":null},{"id":"1f27683b-8a37-4387-8760-f401aa1e7774","name":"DNS/Passive DNS","source":"MITRE","technique_attack_id":"T1596.001","technique_id":"758ad44d-5e29-4c7f-8dae-ddfeb5092ccb","owner_id":null},{"id":"64b872a0-ca22-46a8-8d44-8e603ccf190c","name":"Identify Business Tempo","source":"MITRE","technique_attack_id":"T1591.003","technique_id":"1f28a8a5-7231-47ad-9943-73b3cc6d05b0","owner_id":null},{"id":"43677bc0-fffc-4f86-9360-47ffd90694a6","name":"Hardware","source":"MITRE","technique_attack_id":"T1592.001","technique_id":"a5ab5108-1582-4357-b948-1c6148c7b5ce","owner_id":null},{"id":"78481438-ee3a-488a-baa7-8d3ea58b98e1","name":"Spearphishing Link","source":"MITRE","technique_attack_id":"T1598.003","technique_id":"4a68c72c-79c1-4fed-9107-75bb5b06dfc3","owner_id":null},{"id":"ef1cf807-b190-469f-b7bb-ef79bc866c1f","name":"Network Topology","source":"MITRE","technique_attack_id":"T1590.004","technique_id":"afe743a7-56b0-4ad1-bd36-dd50d64802fc","owner_id":null},{"id":"83f7779c-1907-4856-a4ea-43bf80be7aff","name":"Network Trust Dependencies","source":"MITRE","technique_attack_id":"T1590.003","technique_id":"454be621-ea64-409c-981f-809f1238e21c","owner_id":null},{"id":"b1e48782-754d-4c5a-95c7-f0bbe9ba8ba4","name":"Threat Intel Vendors","source":"MITRE","technique_attack_id":"T1597.001","technique_id":"a150a804-1a17-45aa-a49f-d65ee901ab59","owner_id":null},{"id":"0274a08d-f96a-427f-a266-d38cbf71105b","name":"Gather Victim Identity Information","source":"MITRE","technique_attack_id":"T1589","technique_id":"aea36489-047e-4c4a-ab26-c51fd3556182","owner_id":null},{"id":"d85cab65-9ade-4484-8631-342351b9734e","name":"Vulnerability Scanning","source":"MITRE","technique_attack_id":"T1595.002","technique_id":"c0a8e0d6-c108-4c15-9a3a-78ef1da06e32","owner_id":null},{"id":"7b75d174-283b-4e22-ab3f-c4e88f70d6a7","name":"Search Open Technical Databases","source":"MITRE","technique_attack_id":"T1596","technique_id":"cf79ad1b-a82b-486b-88ad-e93bfc1c7439","owner_id":null},{"id":"4581db87-5756-4f6e-a763-26da5170b7b6","name":"Active Scanning","source":"MITRE","technique_attack_id":"T1595","technique_id":"a930437d-5a12-4dc4-b311-f5fd6a766c85","owner_id":null},{"id":"ca2d9ddc-da1e-4b5e-8205-88c43a914575","name":"Email Addresses","source":"MITRE","technique_attack_id":"T1589.002","technique_id":"2eee984c-ea00-4284-b3eb-fd0c603a5a80","owner_id":null},{"id":"7dfd66f7-7760-45f1-825a-2050fe0f1791","name":"Network Security Appliances","source":"MITRE","technique_attack_id":"T1590.006","technique_id":"c60e4f32-d8f0-49e8-b0f7-57a6ae35b8bb","owner_id":null},{"id":"3d98bf2a-77c4-4e00-a526-f7db72817a2a","name":"Search Engines","source":"MITRE","technique_attack_id":"T1593.002","technique_id":"62bc11f9-f88c-437a-98ae-e90def576e7e","owner_id":null},{"id":"4f458493-136b-4141-9a23-82abc0732b8d","name":"Business Relationships","source":"MITRE","technique_attack_id":"T1591.002","technique_id":"9bd53629-fa2c-417d-b937-c575504be5b1","owner_id":null},{"id":"16c79961-7a99-401d-bff3-b0ed77301e50","name":"Code Repositories","source":"MITRE","technique_attack_id":"T1593.003","technique_id":"2e4201da-fe83-439d-9d40-87e4c1f832fb","owner_id":null},{"id":"fad7ca7d-204b-44e5-951d-171eeeef3aaf","name":"Employee Names","source":"MITRE","technique_attack_id":"T1589.003","technique_id":"72668851-bf65-42eb-a775-bc607f4520a2","owner_id":null},{"id":"f16bd83a-9b68-49ce-804b-5896c31a5a10","name":"Client Configurations","source":"MITRE","technique_attack_id":"T1592.004","technique_id":"bc4f11b1-fd06-4e49-be48-e73ece82f1a9","owner_id":null},{"id":"e05c67b9-b488-485a-ac6f-c320e18554e4","name":"Spearphishing Attachment","source":"MITRE","technique_attack_id":"T1598.002","technique_id":"b18ddaf9-2939-45db-8b2a-2edecc2097ac","owner_id":null},{"id":"9505c968-4d14-4d69-a1fb-370e8e590714","name":"CDNs","source":"MITRE","technique_attack_id":"T1596.004","technique_id":"d8dcce33-3a7e-4a1c-95c6-afdcf2fa1df6","owner_id":null},{"id":"ed611a57-63e6-426b-9f25-68a287a3f071","name":"Gather Victim Org Information","source":"MITRE","technique_attack_id":"T1591","technique_id":"e55d2e4b-07d8-4c22-b543-c187be320578","owner_id":null},{"id":"d4010cd5-7639-423e-921c-dbe21d6e5a8c","name":"Gather Victim Network Information","source":"MITRE","technique_attack_id":"T1590","technique_id":"58776ca9-0c54-487f-afcc-e7e5b661bd54","owner_id":null},{"id":"028ecd35-2f4a-43d0-97e4-3152bbd6e4e0","name":"Search Open Websites/Domains","source":"MITRE","technique_attack_id":"T1593","technique_id":"f2d216e3-43d6-4a2e-aa5b-d6be78d018b6","owner_id":null},{"id":"e96e93f9-a30f-4aa7-a4f6-d80f369ef155","name":"Firmware","source":"MITRE","technique_attack_id":"T1592.003","technique_id":"8af6a9ee-c323-44fa-85d3-29366fd1bb4f","owner_id":null},{"id":"b14eadd1-c884-4a67-8c86-96cb66d036fe","name":"Software","source":"MITRE","technique_attack_id":"T1592.002","technique_id":"77476b73-f4d1-4689-8f9e-af08d27f4cba","owner_id":null},{"id":"3352b5fa-be1a-408a-8ea6-6c05e554d785","name":"Social Media","source":"MITRE","technique_attack_id":"T1593.001","technique_id":"d97c3d34-1210-4c71-b305-59dcccab8f45","owner_id":null},{"id":"494ee514-044d-4a5f-9a32-3b0159854501","name":"Credentials","source":"MITRE","technique_attack_id":"T1589.001","technique_id":"e5d9c785-61bd-483f-b2ac-5bd9a8641b22","owner_id":null},{"id":"defa1c5b-b03a-4612-9590-165d06958ed0","name":"Wordlist Scanning","source":"MITRE","technique_attack_id":"T1595.003","technique_id":"a0e40412-cbfb-477b-87fc-40f2c84d26be","owner_id":null},{"id":"58a402ee-37e9-4160-b61d-4bcc6fa7661c","name":"Identify Roles","source":"MITRE","technique_attack_id":"T1591.004","technique_id":"63a99eb9-0da7-4286-bfc9-c306a03abf24","owner_id":null},{"id":"6b93b27d-7152-4cb5-9c98-37fe6cb232ff","name":"Phishing for Information","source":"MITRE","technique_attack_id":"T1598","technique_id":"b6fe2fda-9c05-4f05-b049-7bb5b9ba5b06","owner_id":null},{"id":"128df5e6-0077-4337-b8fb-96e0816a9bba","name":"Scanning IP Blocks","source":"MITRE","technique_attack_id":"T1595.001","technique_id":"473afdb8-5048-4838-a3fc-56be30be1e56","owner_id":null},{"id":"7147e0b1-2f80-41da-bb51-4e4febcaed4a","name":"Domain Properties","source":"MITRE","technique_attack_id":"T1590.001","technique_id":"ec145032-4b1b-4dbe-85bf-47360e35b0a3","owner_id":null},{"id":"9d4d6294-3761-4df1-8f5a-d0094345fa54","name":"Scan Databases","source":"MITRE","technique_attack_id":"T1596.005","technique_id":"b39cc340-ee1d-46a8-add2-f36aade56f15","owner_id":null},{"id":"28620226-471d-407a-9ac6-3ce872430371","name":"Determine Physical Locations","source":"MITRE","technique_attack_id":"T1591.001","technique_id":"d93b51df-014a-4d46-949a-4b8f796e6cca","owner_id":null},{"id":"5ee7bfc6-25ee-48d2-bf8d-fedf3c2f7c01","name":"Spearphishing Service","source":"MITRE","technique_attack_id":"T1598.001","technique_id":"7f953df5-c91f-4975-a579-2be3c89bca7e","owner_id":null},{"id":"68932ce6-3f8b-4259-b2b1-62e6e28bbe1c","name":"Search Closed Sources","source":"MITRE","technique_attack_id":"T1597","technique_id":"40e4133b-28c2-4da7-9a6a-7392ae87f1da","owner_id":null},{"id":"951c50f6-c208-52e2-8920-de65b9d19321","name":"Spearphishing Voice","source":"MITRE","technique_attack_id":"T1598.004","technique_id":"113b8750-d166-5cac-bd26-2c82c90b9d88","owner_id":null}],"tags":[],"tidal_id":"aa3a5e1a-6394-5667-8f67-973b363d357d","matrices":["eb526fa4-3108-46a7-9494-91cade94b1eb"]},{"id":"989d09c2-12b8-4419-9b34-a328cf295fff","name":"Resource Development","description":"The adversary is trying to establish resources they can use to support operations.\n\nResource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.","ordinal_position":2,"source":"MITRE","tactic_attack_id":"TA0042","owner_name":null,"techniques":[{"id":"5c514f38-20d9-4260-b8e5-d2d5f86f7fc9","name":"Obtain Capabilities","source":"MITRE","technique_attack_id":"T1588","technique_id":"a6740db8-10d6-4e5b-986b-7695d3fc4b85","owner_id":null},{"id":"783501a8-429d-4240-9669-9e257fbd5baf","name":"Serverless","source":"MITRE","technique_attack_id":"T1584.007","technique_id":"f2b5a3e4-8a59-41f5-88c4-142f2da251c8","owner_id":null},{"id":"94a33df2-a591-46a2-bc1b-130f9c455fa0","name":"Server","source":"MITRE","technique_attack_id":"T1584.004","technique_id":"ce71e252-3403-4287-a0b5-9328fa88af96","owner_id":null},{"id":"8b4e76ec-15d5-413d-82d9-15267c04d1fe","name":"SEO Poisoning","source":"MITRE","technique_attack_id":"T1608.006","technique_id":"68d5de9f-ca86-4bd3-bf69-524d82f7bc7a","owner_id":null},{"id":"a7410341-c292-4ce2-809e-9560228e5ffe","name":"Upload Malware","source":"MITRE","technique_attack_id":"T1608.001","technique_id":"8ecf5275-c6d1-4fe3-a24a-63fa1f3144fe","owner_id":null},{"id":"053cc783-883a-4333-8073-51e4b80dfdcc","name":"Domains","source":"MITRE","technique_attack_id":"T1583.001","technique_id":"b9f5f6b7-ecff-48c8-a23e-c58fd9e41a0d","owner_id":null},{"id":"6429f1a9-26a8-4e12-9ce5-f00889e8c0f4","name":"Upload Tool","source":"MITRE","technique_attack_id":"T1608.002","technique_id":"d7594eaf-286f-4484-94fa-8608c911767a","owner_id":null},{"id":"566ed539-a5da-4e37-a264-2a246b665f86","name":"Server","source":"MITRE","technique_attack_id":"T1583.004","technique_id":"6e4a0960-dcdc-4e42-9aa1-70d6fc3677b2","owner_id":null},{"id":"0bf60c51-aaf8-4dab-8084-11465c8b1103","name":"Email Accounts","source":"MITRE","technique_attack_id":"T1585.002","technique_id":"1ff8b8f4-fa76-4226-a28b-b0c25c78b2eb","owner_id":null},{"id":"ee27a27f-5481-47d0-8d2b-545646dd0878","name":"Malware","source":"MITRE","technique_attack_id":"T1588.001","technique_id":"49c73c13-2281-45d3-af26-ad52a1cecb7a","owner_id":null},{"id":"a7983bb6-1242-47f8-90ce-c25b45275ff5","name":"Virtual Private Server","source":"MITRE","technique_attack_id":"T1583.003","technique_id":"2c04d7c8-67a3-4b1a-bd71-47b7c5a54b23","owner_id":null},{"id":"851f88df-9f0f-4b98-89fa-668c35bb7d51","name":"Compromise Infrastructure","source":"MITRE","technique_attack_id":"T1584","technique_id":"c12d81d3-abe4-43d7-8a65-f4b3150e722d","owner_id":null},{"id":"bd6798df-c5e8-4f95-b286-3df5a88f9da7","name":"Compromise Accounts","source":"MITRE","technique_attack_id":"T1586","technique_id":"c6374cbe-799a-4648-b1e2-2a66bb42d3f3","owner_id":null},{"id":"8a7e3386-dc34-44e5-8a05-ca019906b895","name":"Botnet","source":"MITRE","technique_attack_id":"T1584.005","technique_id":"66caa162-711c-44ac-b96d-0552cf328f84","owner_id":null},{"id":"e60fd2d8-38e4-4c21-a69e-cb4235dde5d3","name":"Stage Capabilities","source":"MITRE","technique_attack_id":"T1608","technique_id":"ec2a76e6-3530-43e1-9e80-686e4b214ac8","owner_id":null},{"id":"8862494b-6488-4f53-b347-af11afab0159","name":"Link Target","source":"MITRE","technique_attack_id":"T1608.005","technique_id":"6824c82b-2959-4402-831a-6e7c2010d1c5","owner_id":null},{"id":"e0044441-c27c-4038-ae89-700173d42654","name":"Web Services","source":"MITRE","technique_attack_id":"T1583.006","technique_id":"2e883e0d-1108-431a-a2dd-98ba98b69417","owner_id":null},{"id":"06a72dfc-c833-450c-9093-40b3c12406d9","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1585.003","technique_id":"4c7e52b1-9881-4966-b9b5-d88c5e88d604","owner_id":null},{"id":"50d77b43-3224-4bda-b979-323adb45a100","name":"Tool","source":"MITRE","technique_attack_id":"T1588.002","technique_id":"755c1883-4046-446b-a76a-88a842dd1c2c","owner_id":null},{"id":"3fc09d4e-f31f-4de3-a915-c29eafff87b8","name":"Web Services","source":"MITRE","technique_attack_id":"T1584.006","technique_id":"ef312a77-6b1a-4be6-a220-3c689e7fcd9d","owner_id":null},{"id":"3338997b-3d88-4a7a-9034-999ce473dd3d","name":"Social Media Accounts","source":"MITRE","technique_attack_id":"T1585.001","technique_id":"fe0bf22c-efb2-4bc6-96d8-e0e909502fd7","owner_id":null},{"id":"a6f812f9-ac90-417a-bb44-a50669d89804","name":"Exploits","source":"MITRE","technique_attack_id":"T1587.004","technique_id":"5a57d258-0b23-431b-b50e-3150d2c0e52c","owner_id":null},{"id":"90f93e32-30dd-4cbe-8cd1-83bc313946a3","name":"Install Digital Certificate","source":"MITRE","technique_attack_id":"T1608.003","technique_id":"0b2a9df9-65c8-4a01-a0e6-d411e54a4c7b","owner_id":null},{"id":"5307c5a9-70ac-44f2-a34a-0490e7c97376","name":"DNS Server","source":"MITRE","technique_attack_id":"T1584.002","technique_id":"83e4f633-67fb-4d87-b1b3-8a7a2e60778b","owner_id":null},{"id":"795a5309-f4e2-449b-96e0-78bb35ea9b2b","name":"Establish Accounts","source":"MITRE","technique_attack_id":"T1585","technique_id":"9a2d6628-0dd7-4f25-a242-b752fcf47ff4","owner_id":null},{"id":"95de22c3-e07b-4f61-aa98-8ad4d4c29c8d","name":"Code Signing Certificates","source":"MITRE","technique_attack_id":"T1588.003","technique_id":"8bdeddbe-14aa-412a-883a-7d6fe286c60e","owner_id":null},{"id":"2fbe744c-8ea5-4682-9a83-7c75253d3872","name":"Develop Capabilities","source":"MITRE","technique_attack_id":"T1587","technique_id":"bf660248-2098-499b-b90c-8c47efb26c70","owner_id":null},{"id":"e983ec92-909c-4fa4-a3e2-34d84be0c204","name":"Exploits","source":"MITRE","technique_attack_id":"T1588.005","technique_id":"8842e2e3-c4f8-446b-821b-5930cb15d30c","owner_id":null},{"id":"d4f6b2c1-8f1d-4637-b454-5466d743aa2b","name":"Domains","source":"MITRE","technique_attack_id":"T1584.001","technique_id":"581722ea-81a5-4c73-a703-2c994f1cf814","owner_id":null},{"id":"b6020e6d-2119-47c1-b331-64d6e05f698b","name":"Drive-by Target","source":"MITRE","technique_attack_id":"T1608.004","technique_id":"f2661f07-9027-4d19-9028-d07b7511f3d5","owner_id":null},{"id":"65e0daeb-934d-4b58-923c-aeb33fcdc932","name":"Code Signing Certificates","source":"MITRE","technique_attack_id":"T1587.002","technique_id":"6f152555-36a5-4ec9-8b9b-f0b32c3ccef8","owner_id":null},{"id":"b1bbf01e-14a7-4a31-b3ab-a4713263ad7a","name":"Virtual Private Server","source":"MITRE","technique_attack_id":"T1584.003","technique_id":"3bd8c928-a7c8-4376-8f2f-2e0fcb449b37","owner_id":null},{"id":"f4c84516-e073-41a9-a936-1492b4e2180b","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1586.003","technique_id":"4b187604-88ab-4972-9836-90a04c705e10","owner_id":null},{"id":"947425f2-8664-420a-a035-7915de8f4a38","name":"Email Accounts","source":"MITRE","technique_attack_id":"T1586.002","technique_id":"49ae7bf1-a313-41d6-ad4c-74efc4c80ab6","owner_id":null},{"id":"62161a0a-c02d-4d57-9bc8-295a9743bf6f","name":"Acquire Infrastructure","source":"MITRE","technique_attack_id":"T1583","technique_id":"66ce76fb-5e1b-4462-9b46-d59bdfc6d3f3","owner_id":null},{"id":"7385c8c0-6e42-4e39-95e0-425739b45830","name":"Serverless","source":"MITRE","technique_attack_id":"T1583.007","technique_id":"c30faf84-496b-4f27-a4bc-aa36d583c69f","owner_id":null},{"id":"01b60b27-8d2a-4edb-8cc6-96506d665b79","name":"Digital Certificates","source":"MITRE","technique_attack_id":"T1588.004","technique_id":"4c0db4e5-14e0-4fb7-88b0-bb391ce5ad58","owner_id":null},{"id":"f3b1e1de-ae8d-47bf-ac3d-b309dc64be60","name":"DNS Server","source":"MITRE","technique_attack_id":"T1583.002","technique_id":"bae33d7b-c835-4eda-b310-bf426270c0b1","owner_id":null},{"id":"ea4f528a-0610-474d-9731-f08735674abd","name":"Digital Certificates","source":"MITRE","technique_attack_id":"T1587.003","technique_id":"5bcbb0c5-7061-481f-a677-09028a6c59f7","owner_id":null},{"id":"11260b0e-a7e5-4a17-b68e-a7a850887f25","name":"Malware","source":"MITRE","technique_attack_id":"T1587.001","technique_id":"0f77a14a-d450-4885-b81f-23eeffa53a7e","owner_id":null},{"id":"3a2b6963-a80c-4626-9318-046cf9b4debd","name":"Social Media Accounts","source":"MITRE","technique_attack_id":"T1586.001","technique_id":"3426077d-3b9c-4f77-a1c6-d68f0dea670e","owner_id":null},{"id":"196ac4f0-499a-4d31-aa26-fc538815620b","name":"Vulnerabilities","source":"MITRE","technique_attack_id":"T1588.006","technique_id":"fe96475a-3090-449d-91fd-ae73cb4d9c7c","owner_id":null},{"id":"500aa4eb-c947-432e-a706-53b9917a0b53","name":"Botnet","source":"MITRE","technique_attack_id":"T1583.005","technique_id":"be637d66-5110-4872-bc15-63b062c3f290","owner_id":null},{"id":"4f75af53-372c-50a0-b829-336ac45e732d","name":"Artificial Intelligence","source":"MITRE","technique_attack_id":"T1588.007","technique_id":"9938f7ab-c7d0-5483-bdb9-565431a049ff","owner_id":null},{"id":"f3e6836f-565a-5831-9907-f96919661214","name":"Network Devices","source":"MITRE","technique_attack_id":"T1584.008","technique_id":"f57c8d43-ca88-5351-9828-36b1937daf0e","owner_id":null},{"id":"0f2b7a34-8414-54be-b636-7619579aee8e","name":"Malvertising","source":"MITRE","technique_attack_id":"T1583.008","technique_id":"60ac24aa-ce63-5c1d-8126-db20a27d85be","owner_id":null},{"id":"6531db60-0db4-55e7-aba4-6e5c085acd32","name":"Acquire Access","source":"MITRE","technique_attack_id":"T1650","technique_id":"478da817-1914-50f6-b1fd-434081a34354","owner_id":null}],"tags":[],"tidal_id":"be119ddf-73eb-5680-a601-7b24ac52c553","matrices":["eb526fa4-3108-46a7-9494-91cade94b1eb"]},{"id":"586a5b49-c566-4a57-beb4-e7c667f9c34c","name":"Initial Access","description":"The adversary is trying to get into your network.\n\nInitial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.","ordinal_position":3,"source":"MITRE","tactic_attack_id":"TA0001","owner_name":null,"techniques":[{"id":"b3832940-e094-47b1-8fc8-2d094da77175","name":"Supply Chain Compromise","source":"Mobile","technique_attack_id":"T1474","technique_id":"b9e83e1a-c042-57d4-96cb-39c8d8943a02","owner_id":null},{"id":"cb878700-05bf-4294-95c8-14d1805bd7c8","name":"Application Versioning","source":"Mobile","technique_attack_id":"T1661","technique_id":"98bb0216-1704-5f2d-8dc7-9b6361e8779a","owner_id":null},{"id":"15e8a00f-a89c-48f3-bac9-6db84a2cce51","name":"Replication Through Removable Media","source":"Mobile","technique_attack_id":"T1458","technique_id":"f1f2d031-8d9d-501b-9112-d5602bc31171","owner_id":null},{"id":"e55d16f5-ce96-47b8-be65-d26106ddc1bd","name":"Exploitation for Initial Access","source":"Mobile","technique_attack_id":"T1664","technique_id":"d3790933-cb50-5832-a70f-97feb3fd1236","owner_id":null},{"id":"8860c715-92d4-4303-a6ad-fc492277ae31","name":"Compromise Software Dependencies and Development Tools","source":"Mobile","technique_attack_id":"T1474.001","technique_id":"d01b8653-e81e-5b75-bac5-df49b3485e39","owner_id":null},{"id":"9a259f05-3c40-4e2d-acbc-7304627b2838","name":"Compromise Software Supply Chain","source":"Mobile","technique_attack_id":"T1474.003","technique_id":"3b1b9ce1-c180-5fe9-8abf-5fe76ad111f1","owner_id":null},{"id":"d3982d6f-93dd-48f0-b3cc-a3b996f8845a","name":"SIM Card Swap","source":"Mobile","technique_attack_id":"T1451","technique_id":"4891e699-7dbb-562e-ab20-b8b4da752db1","owner_id":null},{"id":"88407e42-bef5-49d9-b9d3-42478eb5d0bb","name":"Compromise Hardware Supply Chain","source":"Mobile","technique_attack_id":"T1474.002","technique_id":"4cecf067-eb3f-5860-b522-922febccc421","owner_id":null},{"id":"e2d22171-d31d-4c67-9437-8a3033e7ebb6","name":"Phishing","source":"Mobile","technique_attack_id":"T1660","technique_id":"60a6aff8-64e3-55c2-9694-0734ea32fad0","owner_id":null},{"id":"b2d87817-4ac2-4e59-b3c2-a3334fe41529","name":"Lockscreen Bypass","source":"Mobile","technique_attack_id":"T1461","technique_id":"bfa42560-ef9b-5d8c-b17d-15a320f98921","owner_id":null},{"id":"97c43c32-7a04-49bd-9c4f-11983308393a","name":"Drive-By Compromise","source":"Mobile","technique_attack_id":"T1456","technique_id":"d5fe8095-6877-5bba-9c25-1166c4d8ef24","owner_id":null},{"id":"23691bff-8411-471b-84ce-e1cc4f5e860c","name":"Wireless Compromise","source":"ICS","technique_attack_id":"T0860","technique_id":"3edbb64c-77a3-5ab1-b374-68c9469c9936","owner_id":null},{"id":"6b9485cd-a906-4db2-af30-7419b30e200b","name":"Exploit Public-Facing Application","source":"ICS","technique_attack_id":"T0819","technique_id":"53e28b11-2775-515a-bd24-0144ed504b97","owner_id":null},{"id":"babf819d-08e0-4b1f-be76-81cd1d45587e","name":"Transient Cyber Asset","source":"ICS","technique_attack_id":"T0864","technique_id":"026af773-33ec-5ac3-a757-1c3819e38181","owner_id":null},{"id":"793f9276-13a0-428f-a813-0abad27afedd","name":"Supply Chain Compromise","source":"ICS","technique_attack_id":"T0862","technique_id":"03d3dc16-893f-5427-bb31-f5850ddba304","owner_id":null},{"id":"7393d84f-24c8-448e-993d-aefe8b64f164","name":"Spearphishing Attachment","source":"ICS","technique_attack_id":"T0865","technique_id":"bbcf087d-f0db-5671-b8e4-0f465689b131","owner_id":null},{"id":"85746e97-7c50-4c77-a0e7-c63b36d2b8cf","name":"Drive-by Compromise","source":"ICS","technique_attack_id":"T0817","technique_id":"b04820a7-4ac4-5bab-839c-b462cdbb405b","owner_id":null},{"id":"882f3500-a890-4904-b722-f98b79f49c8b","name":"Exploitation of Remote Services","source":"ICS","technique_attack_id":"T0866","technique_id":"fa63cff9-015c-5b5e-b8ee-dfaf9d7242fb","owner_id":null},{"id":"c0ff31f1-5231-46cd-a821-dc1fd288c694","name":"External Remote Services","source":"ICS","technique_attack_id":"T0822","technique_id":"7204699f-bc20-52d8-9307-fad2f1fc6334","owner_id":null},{"id":"d484aded-4c5e-4437-bdd3-ddc5ee6e4c6e","name":"Rogue Master","source":"ICS","technique_attack_id":"T0848","technique_id":"69caf1a5-8f31-5362-8917-d4c0308d9bac","owner_id":null},{"id":"fd752375-97ff-49ed-aa06-7600438f1ec5","name":"Replication Through Removable Media","source":"ICS","technique_attack_id":"T0847","technique_id":"89510d51-fd00-5670-8987-e912dbbbcec4","owner_id":null},{"id":"027829a6-8b96-43ba-9779-877a38f21c03","name":"Remote Services","source":"ICS","technique_attack_id":"T0886","technique_id":"2f42621d-eb8d-5961-94b7-7bef6c2d475f","owner_id":null},{"id":"9e646aeb-d8dd-419f-9325-c0a94615f712","name":"Internet Accessible Device","source":"ICS","technique_attack_id":"T0883","technique_id":"7b50c8c0-f6cc-584c-b744-cae9e7c94687","owner_id":null},{"id":"fed19aaa-7b11-51c4-93dd-bcb9be13e0a0","name":"Wi-Fi Networks","source":"MITRE","technique_attack_id":"T1669","technique_id":"68f66e4a-b20b-5c4b-a88b-93509a92e872","owner_id":null},{"id":"155815f2-655c-4c96-9521-d8b0e97aa2e5","name":"External Remote Services","source":"MITRE","technique_attack_id":"T1133","technique_id":"c1f7e330-f1c4-4923-b8ad-bbd79cc63cb4","owner_id":null},{"id":"dfe56376-b3a9-4c85-bff8-cd708b4d1d4a","name":"Compromise Software Dependencies and Development Tools","source":"MITRE","technique_attack_id":"T1195.001","technique_id":"590b55cd-7c6a-4207-b89a-3d7494623f00","owner_id":null},{"id":"74da64a4-5cea-4d96-81e8-753cefcc83eb","name":"Spearphishing Link","source":"MITRE","technique_attack_id":"T1566.002","technique_id":"d08a9977-9fc2-46bb-84f9-dbb5187c426d","owner_id":null},{"id":"05044dcb-64a8-48ad-8bac-c48136537140","name":"Spearphishing Attachment","source":"MITRE","technique_attack_id":"T1566.001","technique_id":"ba553ad4-5699-4458-ae4e-76e1faa43291","owner_id":null},{"id":"4dd66059-8c12-4d18-baef-41d21a29923e","name":"Compromise Hardware Supply Chain","source":"MITRE","technique_attack_id":"T1195.003","technique_id":"53fea37d-be26-4bed-a8a1-1d67f7cbffcf","owner_id":null},{"id":"de4a2094-15a9-42aa-b6ce-d61aac29ae3c","name":"Replication Through Removable Media","source":"MITRE","technique_attack_id":"T1091","technique_id":"6a7ab25e-49ed-4cd3-b199-5d80b728b416","owner_id":null},{"id":"33b9b176-d021-4b7e-b88f-6f43a6ab728c","name":"Supply Chain Compromise","source":"MITRE","technique_attack_id":"T1195","technique_id":"b72c8a96-5e03-40c2-ac0c-f77b73fe493f","owner_id":null},{"id":"29e3abd9-7525-4c29-b105-b0a0f5ad919c","name":"Exploit Public-Facing Application","source":"MITRE","technique_attack_id":"T1190","technique_id":"4695fd01-43a5-4aa9-ab1a-501fc0dfbd6a","owner_id":null},{"id":"fa5650dd-9485-428f-8184-2e9d54fc2bb0","name":"Default Accounts","source":"MITRE","technique_attack_id":"T1078.001","technique_id":"6c55cf9c-0259-4ba0-9574-e90f6c88e6fd","owner_id":null},{"id":"afea162f-8a2e-4cb8-a9b4-48d2b9b60586","name":"Trusted Relationship","source":"MITRE","technique_attack_id":"T1199","technique_id":"7549c2f9-b5d2-4773-90ed-42f668aecacf","owner_id":null},{"id":"87d44dd1-94dd-4465-b46d-5446e4ba7d0f","name":"Phishing","source":"MITRE","technique_attack_id":"T1566","technique_id":"d4a36624-50cb-43d3-95af-a2e10878a533","owner_id":null},{"id":"af940a52-ea75-4bc5-b5a7-3a34796fb5fd","name":"Valid Accounts","source":"MITRE","technique_attack_id":"T1078","technique_id":"a9b7eb2f-63e7-41bc-9d77-f7c4cede5406","owner_id":null},{"id":"68106281-c308-42a7-b8df-dbb9a3ad9b4a","name":"Compromise Software Supply Chain","source":"MITRE","technique_attack_id":"T1195.002","technique_id":"9953faea-d25d-4e6e-a132-8993535c5c14","owner_id":null},{"id":"a2946045-2165-42c4-a833-f9f9b3c65e64","name":"Hardware Additions","source":"MITRE","technique_attack_id":"T1200","technique_id":"4557bfb9-b940-49b6-b8be-571979134419","owner_id":null},{"id":"cf70076a-936e-4036-93fb-c643f88f7538","name":"Drive-by Compromise","source":"MITRE","technique_attack_id":"T1189","technique_id":"d4e46fe1-cc6d-4ef0-af72-a4e8dcd71381","owner_id":null},{"id":"a81f7f84-3bb6-42d6-ab06-5777278b524a","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1078.004","technique_id":"3c4a2f3a-5877-4a27-a417-76318523657e","owner_id":null},{"id":"bd5770ce-504a-4257-9845-650965593756","name":"Spearphishing via Service","source":"MITRE","technique_attack_id":"T1566.003","technique_id":"165ba336-3eab-4809-b6fd-d0dcc5478f7f","owner_id":null},{"id":"0e74113c-7cac-4f88-aea0-4899e7005346","name":"Local Accounts","source":"MITRE","technique_attack_id":"T1078.003","technique_id":"d2a19fd8-ff9c-4f9e-9e84-ed3ea12c4b7c","owner_id":null},{"id":"6ccc9725-ef24-4fc3-b9e3-d6ed4ab7f6bb","name":"Domain Accounts","source":"MITRE","technique_attack_id":"T1078.002","technique_id":"74b99029-3f0a-4cc8-90d6-5a6b177c06eb","owner_id":null},{"id":"c73c5b79-9ea0-568e-8492-79004fecc610","name":"Content Injection","source":"MITRE","technique_attack_id":"T1659","technique_id":"3f95e4f2-cd4a-502c-a12a-becb8d28440c","owner_id":null},{"id":"089e4e50-5a56-55ba-a747-e8aaeaf588af","name":"Spearphishing Voice","source":"MITRE","technique_attack_id":"T1566.004","technique_id":"350c12a3-33f6-5942-8892-4d6e70abbfc1","owner_id":null}],"tags":[],"tidal_id":"2afce262-51a1-5ef4-8dc4-67e9026248fb","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"dad2337d-6d35-410a-acc5-da36ff83ee44","name":"Execution","description":"The adversary is trying to run malicious code.\n\nExecution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery. ","ordinal_position":4,"source":"MITRE","tactic_attack_id":"TA0002","owner_name":null,"techniques":[{"id":"f09f4f04-2889-433d-8e13-96227935da6e","name":"Scheduled Task/Job","source":"Mobile","technique_attack_id":"T1603","technique_id":"b8b551b4-b9cc-5497-8c58-1cfd4b9468b1","owner_id":null},{"id":"886c874f-a4d5-4113-9618-4bd2da75f323","name":"Command and Scripting Interpreter","source":"Mobile","technique_attack_id":"T1623","technique_id":"6ec621dc-b39b-53b2-ab9f-5d8f70bc830f","owner_id":null},{"id":"e7944b87-cd83-49ec-9b4d-77fe2e26fbc5","name":"Native API","source":"Mobile","technique_attack_id":"T1575","technique_id":"bd3cc9d8-587d-5f60-9a21-e499859d6f08","owner_id":null},{"id":"25ee8e3f-6ef0-4562-8ad8-35cf6c33bcc9","name":"Exploitation for Client Execution","source":"Mobile","technique_attack_id":"T1658","technique_id":"ad0d1671-9fc1-55cd-a2b0-465d163e9f1f","owner_id":null},{"id":"4a4361cb-89f9-48df-94ac-843d9fecadbd","name":"Unix Shell","source":"Mobile","technique_attack_id":"T1623.001","technique_id":"1bc20201-2cb3-5bbc-a716-60f7cad82f33","owner_id":null},{"id":"7d9bfacc-0b8a-4454-96aa-c1945f1b04f5","name":"Inter-Process Communication","source":"MITRE","technique_attack_id":"T1559","technique_id":"afa4e2b5-cdd8-4d54-bcdb-acee8b5649e4","owner_id":null},{"id":"c75d644b-df66-457e-a7df-9f0caee44c66","name":"Modify Controller Tasking","source":"ICS","technique_attack_id":"T0821","technique_id":"609f037b-0bd6-5161-b088-f4124dbc33aa","owner_id":null},{"id":"38077fd5-06c2-400e-aa44-d4f5d03f6e18","name":"Command-Line Interface","source":"ICS","technique_attack_id":"T0807","technique_id":"222e8f05-b7b2-55ae-8d0d-336843d6f846","owner_id":null},{"id":"7ffef4b1-39d4-4d1e-b4d6-bf19b32d29d6","name":"User Execution","source":"ICS","technique_attack_id":"T0863","technique_id":"bdee92ac-0df3-5574-b4ae-d60d1fd7d434","owner_id":null},{"id":"d475eccf-ffe1-464e-9782-6b2ff5001963","name":"Change Operating Mode","source":"ICS","technique_attack_id":"T0858","technique_id":"643ccf55-08e2-5b7b-bb56-4b1866408556","owner_id":null},{"id":"fa3153a7-807b-49c7-b9da-3ebbc58f7cc4","name":"Scripting","source":"ICS","technique_attack_id":"T0853","technique_id":"511cb54b-dbaa-5c1a-96af-e819c266d82c","owner_id":null},{"id":"1e49769e-ab13-4819-9901-8b1131c38326","name":"Execution through API","source":"ICS","technique_attack_id":"T0871","technique_id":"355ab049-eb22-5d31-a8b0-2a4bb8c0a9b5","owner_id":null},{"id":"b83fcdce-b931-494f-8656-78750d731696","name":"Autorun Image","source":"ICS","technique_attack_id":"T0895","technique_id":"f4dc575c-7d44-5258-9501-84d795853066","owner_id":null},{"id":"f824ae65-35e6-4e79-9287-abe4dab76b64","name":"Hooking","source":"ICS","technique_attack_id":"T0874","technique_id":"346b73a3-6e36-53cb-8018-c475f17cbea4","owner_id":null},{"id":"00dd286b-1c31-4e08-8b2d-8b2f2fb04769","name":"Graphical User Interface","source":"ICS","technique_attack_id":"T0823","technique_id":"52951eaa-5133-5974-a7d6-b3d81334bde0","owner_id":null},{"id":"a8c1cf72-793a-4627-b9c6-583e8bc938ef","name":"Native API","source":"ICS","technique_attack_id":"T0834","technique_id":"dc75f5cc-50bd-57dc-b7ee-baf96458449d","owner_id":null},{"id":"7a4c7b52-9b4e-41cf-9953-5a5be5f63032","name":"Malicious Image","source":"MITRE","technique_attack_id":"T1204.003","technique_id":"f795ef6d-d2cf-440e-b871-ab19dc385789","owner_id":null},{"id":"05a81704-be54-4708-903f-624fe6869e5a","name":"Exploitation for Client Execution","source":"MITRE","technique_attack_id":"T1203","technique_id":"068df3d7-f788-44e4-9e6b-2ae443af1609","owner_id":null},{"id":"ec662564-ecac-43c9-add4-4acaaf5406bf","name":"Python","source":"MITRE","technique_attack_id":"T1059.006","technique_id":"68fed1c9-e060-4c4d-83d9-d8c817893d65","owner_id":null},{"id":"04249569-a0cc-4476-96ef-81b3ede240f9","name":"Service Execution","source":"MITRE","technique_attack_id":"T1569.002","technique_id":"68427c7d-f65a-4545-abfd-13d69e5e50cf","owner_id":null},{"id":"cf741b9c-aef6-57c2-ad07-2dbb189cfb57","name":"Lua","source":"MITRE","technique_attack_id":"T1059.011","technique_id":"88358f1a-07b2-5d95-8ee5-4b22b7cebe5b","owner_id":null},{"id":"6191d457-f414-4ec1-bb3d-437bc14043fb","name":"Scheduled Task","source":"MITRE","technique_attack_id":"T1053.005","technique_id":"723c6d51-91db-4658-9ee0-eafb953c2d82","owner_id":null},{"id":"59ad893d-5eed-4ee6-b7c5-4adf5813bd62","name":"Windows Management Instrumentation","source":"MITRE","technique_attack_id":"T1047","technique_id":"c37795d9-8970-461f-9491-3086d6b4b69a","owner_id":null},{"id":"33d6a889-b14c-4c3d-8875-8240039db116","name":"Shared Modules","source":"MITRE","technique_attack_id":"T1129","technique_id":"8941d1f4-d80c-4aaa-821a-a059c2a0f854","owner_id":null},{"id":"018bc52f-9f64-40f4-927e-a5e33fd115c3","name":"JavaScript","source":"MITRE","technique_attack_id":"T1059.007","technique_id":"8a669da8-8894-4fb0-9124-c3c8418985cc","owner_id":null},{"id":"71cd3259-35de-40b4-b724-494154532bcd","name":"Container Orchestration Job","source":"MITRE","technique_attack_id":"T1053.007","technique_id":"eb1a471e-e3b5-4790-8c0a-b89b68f244b9","owner_id":null},{"id":"98445d52-08c5-4f50-b164-8997d6fcb461","name":"Dynamic Data Exchange","source":"MITRE","technique_attack_id":"T1559.002","technique_id":"82497cfd-725e-42f8-aaa7-4e20878a6a13","owner_id":null},{"id":"8d7a73d7-9911-4d78-8514-c49c921861fe","name":"Malicious File","source":"MITRE","technique_attack_id":"T1204.002","technique_id":"3412ca73-2f25-452a-8e6e-5c28fe72ef78","owner_id":null},{"id":"56305a40-7a62-4b97-bbf8-202abf1d2543","name":"Cron","source":"MITRE","technique_attack_id":"T1053.003","technique_id":"803d286d-8104-4af8-9821-3f49240edc2b","owner_id":null},{"id":"054fda87-e2e5-49b5-a13b-5e26695887f6","name":"Component Object Model","source":"MITRE","technique_attack_id":"T1559.001","technique_id":"8bc683db-1311-476f-8cae-45f3f89dcc66","owner_id":null},{"id":"c102ae56-7cb8-474e-a245-0ef4a8309213","name":"Scheduled Task/Job","source":"MITRE","technique_attack_id":"T1053","technique_id":"0baf02af-ffaa-403f-9f0d-da51f463a1d8","owner_id":null},{"id":"5c613559-1e5d-4441-99ca-f0c56fa9972a","name":"AppleScript","source":"MITRE","technique_attack_id":"T1059.002","technique_id":"9f06ef9b-d587-41d3-8fc8-7d539dac5701","owner_id":null},{"id":"deaa78e4-3af6-40e8-a651-68977016b61e","name":"Native API","source":"MITRE","technique_attack_id":"T1106","technique_id":"1120f5ec-ef1b-4596-8d8b-a3979a766560","owner_id":null},{"id":"43714d78-c1c9-48ba-b7c6-d56c4ae267c9","name":"Deploy Container","source":"MITRE","technique_attack_id":"T1610","technique_id":"2618638c-f6bd-4840-a297-c45076e094a9","owner_id":null},{"id":"35d16189-6cf4-4909-a703-85888d127bb1","name":"Command and Scripting Interpreter","source":"MITRE","technique_attack_id":"T1059","technique_id":"a2184d53-63b1-4c40-81ed-da799080c36c","owner_id":null},{"id":"e5e7461d-1217-4105-8e4c-f61a63817db4","name":"Container Administration Command","source":"MITRE","technique_attack_id":"T1609","technique_id":"0b9609dd-9f19-4747-ba6e-421b6b7ff03f","owner_id":null},{"id":"4301f8fc-bbad-4354-9019-82b575ee0dae","name":"Launchctl","source":"MITRE","technique_attack_id":"T1569.001","technique_id":"8edc6345-c423-4872-9e22-11e22d9164ff","owner_id":null},{"id":"9175ee80-1848-4e92-84c9-0897f505911a","name":"Network Device CLI","source":"MITRE","technique_attack_id":"T1059.008","technique_id":"284bfbb3-99f0-4c3d-bc1f-ab74065b7907","owner_id":null},{"id":"d3804352-fce7-4dbc-a651-6faa0d70d0bf","name":"XPC Services","source":"MITRE","technique_attack_id":"T1559.003","technique_id":"496998fe-4066-45cf-b84a-dc428e6819c8","owner_id":null},{"id":"47acede8-ca2e-41aa-8dad-ffa2b041ee37","name":"User Execution","source":"MITRE","technique_attack_id":"T1204","technique_id":"b84435ab-2ff4-4b6f-ba71-b4b815474872","owner_id":null},{"id":"89f9eabc-3610-4e2e-a625-0af760fb4d5a","name":"Software Deployment Tools","source":"MITRE","technique_attack_id":"T1072","technique_id":"1bcf9fb5-6848-44d9-b394-ffbd3c357058","owner_id":null},{"id":"5a32f9d2-6dd7-4d20-a092-f7a5cfe51c00","name":"PowerShell","source":"MITRE","technique_attack_id":"T1059.001","technique_id":"6ca7838a-e8ad-43e8-9da6-15b640d1cbde","owner_id":null},{"id":"729ab6af-148f-46f4-a797-7562b16ce2e1","name":"Systemd Timers","source":"MITRE","technique_attack_id":"T1053.006","technique_id":"8cc9e419-607e-4d2a-91d9-d47022e02bea","owner_id":null},{"id":"7f1cb1b7-4ba1-4006-a539-a1c8c5e66e4c","name":"Unix Shell","source":"MITRE","technique_attack_id":"T1059.004","technique_id":"3eafcd8b-0cb8-4d23-8785-3f80a3c897c7","owner_id":null},{"id":"159e2e5f-affd-4937-ab40-cfe926872d6c","name":"System Services","source":"MITRE","technique_attack_id":"T1569","technique_id":"a2300ed3-a502-4fe4-bad5-4aa1efc72941","owner_id":null},{"id":"725d1b6f-0ee6-4474-955b-8554b967f9f1","name":"Windows Command Shell","source":"MITRE","technique_attack_id":"T1059.003","technique_id":"be095bcc-4769-4010-b2db-3033d01efdbe","owner_id":null},{"id":"55f44786-a791-403f-9d43-b133c23f0dd1","name":"Visual Basic","source":"MITRE","technique_attack_id":"T1059.005","technique_id":"0340ed34-6db2-4979-bf73-2c16855867b4","owner_id":null},{"id":"3103d692-eaef-48e7-972e-21db8662db6e","name":"Serverless Execution","source":"MITRE","technique_attack_id":"T1648","technique_id":"d9edb609-2ca3-43d1-9c4d-c09a2856230f","owner_id":null},{"id":"9c059130-8e1a-493a-a5ad-6a471400081a","name":"Malicious Link","source":"MITRE","technique_attack_id":"T1204.001","technique_id":"46f60fff-71a1-4cfd-b639-71a0ac903bbb","owner_id":null},{"id":"daa37f05-c83e-4193-9e41-b40f95ae8a5a","name":"At","source":"MITRE","technique_attack_id":"T1053.002","technique_id":"6051e618-c476-41db-8b0b-0aef9d2bbbf7","owner_id":null},{"id":"19043a54-127c-5328-8293-d0d16e850b72","name":"Malicious Library","source":"MITRE","technique_attack_id":"T1204.005","technique_id":"b65c34d5-85cc-5af7-b75f-795a83ca0142","owner_id":null},{"id":"8bc66b2e-aab7-5259-add2-53727e80d56f","name":"Poisoned Pipeline Execution","source":"MITRE","technique_attack_id":"T1677","technique_id":"f7d11429-6da0-5298-b9a8-a691b0d3fec6","owner_id":null},{"id":"50b75a57-f7c5-5539-8002-bc5edfe298b3","name":"Container CLI/API","source":"MITRE","technique_attack_id":"T1059.013","technique_id":"26581b62-4031-594c-8627-3b4358dbf1bd","owner_id":null},{"id":"b30b7eb2-6d6a-563d-a328-0f0685aa4ce3","name":"ESXi Administration Command","source":"MITRE","technique_attack_id":"T1675","technique_id":"b9848870-8577-5638-86e8-28d64555c974","owner_id":null},{"id":"afd851a6-ba68-5a07-b845-4e2f3b5e3b24","name":"Systemctl","source":"MITRE","technique_attack_id":"T1569.003","technique_id":"85774757-bba6-51be-a836-98b01aca3fe8","owner_id":null},{"id":"bc605522-5eee-5b5b-9a12-618359e12463","name":"Input Injection","source":"MITRE","technique_attack_id":"T1674","technique_id":"16122e9f-2761-5acb-9b6e-3d08a48af74c","owner_id":null},{"id":"dd143a17-6d69-582b-a7e1-edc36ec93851","name":"Hypervisor CLI","source":"MITRE","technique_attack_id":"T1059.012","technique_id":"fced9cbe-2f9e-59f0-9c43-1895f935861b","owner_id":null},{"id":"27c6613d-1c38-5fc5-a4d4-9121e0250909","name":"Malicious Copy and Paste","source":"MITRE","technique_attack_id":"T1204.004","technique_id":"b77f25da-4da7-5d9c-9093-d384ca57616d","owner_id":null},{"id":"9eee1e87-354e-51c7-b375-01cde7becb8d","name":"Cloud API","source":"MITRE","technique_attack_id":"T1059.009","technique_id":"af798e80-2cc5-5452-83e4-9560f08bf2d5","owner_id":null},{"id":"e0518978-bcd5-55cc-844a-d753be24010c","name":"Cloud Administration Command","source":"MITRE","technique_attack_id":"T1651","technique_id":"944a7b91-c58e-567d-9e2c-515b93713c50","owner_id":null},{"id":"16b2b408-c51a-5f57-86b4-1c885dbc6ecb","name":"AutoHotKey & AutoIT","source":"MITRE","technique_attack_id":"T1059.010","technique_id":"889b6cfa-dfb4-5d9f-beef-6c7c2e171454","owner_id":null}],"tags":[],"tidal_id":"ec6fccb9-aa6a-54bb-a773-c0194cdddaec","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"ec4f9786-c00c-430a-bc6d-0d0d22fdd393","name":"Persistence","description":"The adversary is trying to maintain their foothold.\n\nPersistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code. ","ordinal_position":5,"source":"MITRE","tactic_attack_id":"TA0003","owner_name":null,"techniques":[{"id":"ae88326c-1c51-428e-9473-fc4f5bdfac57","name":"Scheduled Task/Job","source":"Mobile","technique_attack_id":"T1603","technique_id":"b8b551b4-b9cc-5497-8c58-1cfd4b9468b1","owner_id":null},{"id":"a8e3fc8e-ceb2-4014-abdc-bdcad00e27e1","name":"Broadcast Receivers","source":"Mobile","technique_attack_id":"T1624.001","technique_id":"0124b670-48c5-58d5-9885-b96a52099288","owner_id":null},{"id":"89816262-1dfe-450f-b7fe-10f121b9b2f2","name":"Boot or Logon Initialization Scripts","source":"Mobile","technique_attack_id":"T1398","technique_id":"6d31f5b4-936d-538d-8c6f-d77869f049f9","owner_id":null},{"id":"5b558aaf-5b65-4037-b4a1-4fa7ce163f32","name":"Compromise Client Software Binary","source":"Mobile","technique_attack_id":"T1645","technique_id":"f45a774d-6bce-5dc5-a50f-a8172775eeda","owner_id":null},{"id":"2b20b0aa-d84e-4d84-a9b3-c410075754ff","name":"Foreground Persistence","source":"Mobile","technique_attack_id":"T1541","technique_id":"e0d84924-8d3d-5529-88af-030c55e6a4d8","owner_id":null},{"id":"5c517da4-0228-4600-abb4-85f752a780b4","name":"Hijack Execution Flow","source":"Mobile","technique_attack_id":"T1625","technique_id":"8568d752-188f-57eb-80e4-4940afccc11d","owner_id":null},{"id":"2758a7a7-91c5-4116-9228-0e0a878fe7f7","name":"Linked Devices","source":"Mobile","technique_attack_id":"T1676","technique_id":"5cf6cbc5-a24a-55e7-9891-6d19b1d707d2","owner_id":null},{"id":"431ace55-d4c9-4ad7-a23c-3beb73db722c","name":"System Runtime API Hijacking","source":"Mobile","technique_attack_id":"T1625.001","technique_id":"a3ee2e20-9230-5f33-bc55-f06908b9f839","owner_id":null},{"id":"da95bda7-fdc7-4d14-a97b-e56c823eb651","name":"Compromise Application Executable","source":"Mobile","technique_attack_id":"T1577","technique_id":"42bde5a2-5eaf-5612-9072-afe45838a5a7","owner_id":null},{"id":"a2a0065b-8524-4cef-b6a0-c027046987ae","name":"Event Triggered Execution","source":"Mobile","technique_attack_id":"T1624","technique_id":"544f3c3c-575d-56b0-9cb8-cb30ba403955","owner_id":null},{"id":"2b46d763-fba3-461f-b725-c5bfcd4de08b","name":"System Firmware","source":"ICS","technique_attack_id":"T0857","technique_id":"9fe35da4-07ec-5e26-b288-59c50dc55ef3","owner_id":null},{"id":"85e970fb-787f-43e3-93c3-9bd1c5832fc6","name":"Hardcoded Credentials","source":"ICS","technique_attack_id":"T0891","technique_id":"5bbfb10e-f9f2-5ad2-b7c4-f555cf286bbc","owner_id":null},{"id":"1ce7a635-14a3-4786-980e-eee2b12fe9a0","name":"Valid Accounts","source":"ICS","technique_attack_id":"T0859","technique_id":"77282e6f-607e-5e35-b036-6b7977764108","owner_id":null},{"id":"54d5f341-4d1d-48e2-9aba-732d5e79e3d5","name":"Project File Infection","source":"ICS","technique_attack_id":"T0873","technique_id":"50694f2f-39ca-56ed-9f68-0d21bfe09668","owner_id":null},{"id":"915a1670-17d5-47c1-b0b4-e5ee1535ae96","name":"Module Firmware","source":"ICS","technique_attack_id":"T0839","technique_id":"d04f6ff7-8561-57e6-a8fa-2a1fce9a650f","owner_id":null},{"id":"647294be-04cf-4dac-ab09-c9a63703cde6","name":"Modify Program","source":"ICS","technique_attack_id":"T0889","technique_id":"dc2d8faa-bab4-5519-9c22-e8e9fafe9c12","owner_id":null},{"id":"b1e8ef70-0801-479b-9118-67ef267c0bf7","name":"Scheduled Task","source":"MITRE","technique_attack_id":"T1053.005","technique_id":"723c6d51-91db-4658-9ee0-eafb953c2d82","owner_id":null},{"id":"6af49b6a-01e7-41de-a657-4803dd53db07","name":"Socket Filters","source":"MITRE","technique_attack_id":"T1205.002","technique_id":"f0dd515b-51cf-4853-a20c-02226d099ee0","owner_id":null},{"id":"0f844891-9c9c-4cd7-9eca-65de0a2c9b10","name":"Boot or Logon Initialization Scripts","source":"MITRE","technique_attack_id":"T1037","technique_id":"c51f799b-7305-43db-8d3b-657965cad68a","owner_id":null},{"id":"e9e03966-a5d9-47e7-9629-fdce03580c9f","name":"Pluggable Authentication Modules","source":"MITRE","technique_attack_id":"T1556.003","technique_id":"852748c2-280b-41e8-ba87-d97ec9fade70","owner_id":null},{"id":"11ac05cc-3b39-4040-8bf0-c646e4f44b06","name":"Path Interception by PATH Environment Variable","source":"MITRE","technique_attack_id":"T1574.007","technique_id":"0a4dd066-6a28-4dcb-ab3d-215fc01db9cb","owner_id":null},{"id":"a32b4267-ec8a-4bb8-9ea0-1d7f614950a9","name":"PowerShell Profile","source":"MITRE","technique_attack_id":"T1546.013","technique_id":"6e65f84b-cfad-49ce-9072-f2966dc02f56","owner_id":null},{"id":"b285f5e4-0cac-4ae0-8dcc-3f1cbd5fcbc5","name":"Create or Modify System Process","source":"MITRE","technique_attack_id":"T1543","technique_id":"f8aa018b-5134-4201-87f2-e55d20f40b17","owner_id":null},{"id":"8d198a93-5c4e-426f-a1ac-b9d757b8260b","name":"External Remote Services","source":"MITRE","technique_attack_id":"T1133","technique_id":"c1f7e330-f1c4-4923-b8ad-bbd79cc63cb4","owner_id":null},{"id":"e6b035e1-ebdf-4877-95e8-ed5324256130","name":"LC_LOAD_DYLIB Addition","source":"MITRE","technique_attack_id":"T1546.006","technique_id":"cd52d338-ba23-43c8-975d-4db29aa96598","owner_id":null},{"id":"af369dc3-976e-4b9c-afc2-291d986744ab","name":"Container Orchestration Job","source":"MITRE","technique_attack_id":"T1053.007","technique_id":"eb1a471e-e3b5-4790-8c0a-b89b68f244b9","owner_id":null},{"id":"601ab2be-a142-43c3-99b1-25135e13cbd4","name":"System Firmware","source":"MITRE","technique_attack_id":"T1542.001","technique_id":"4050dbda-5cb0-4bd6-8444-841e55611f3a","owner_id":null},{"id":"876329a0-17ae-4a2a-a52f-a24a8f690fc0","name":"Services Registry Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.011","technique_id":"bc996f67-7cb7-4ba4-9156-4f2f8283d66d","owner_id":null},{"id":"433b1bd1-0174-4f0e-bbca-70e94b78a1aa","name":"Bootkit","source":"MITRE","technique_attack_id":"T1542.003","technique_id":"032985de-5e09-4889-b8c4-84d940c6346c","owner_id":null},{"id":"885dbcbe-de1a-40a6-ba50-e37a99d9f913","name":"Boot or Logon Autostart Execution","source":"MITRE","technique_attack_id":"T1547","technique_id":"17b97c19-b986-4653-850a-44aee9aaaba1","owner_id":null},{"id":"34f73078-13a8-4c11-b619-0cb01c403493","name":"Active Setup","source":"MITRE","technique_attack_id":"T1547.014","technique_id":"8bd564d2-a3f1-4367-8631-a2d2cb3a1f46","owner_id":null},{"id":"96e1c22b-5c70-42fc-b0e4-0f3543ebfb3a","name":"TFTP Boot","source":"MITRE","technique_attack_id":"T1542.005","technique_id":"6f2186f3-c798-46e8-a26f-ae033822837b","owner_id":null},{"id":"f061b680-05b1-4599-8a47-3f4c07b810e2","name":"Windows Service","source":"MITRE","technique_attack_id":"T1543.003","technique_id":"31c6dd3c-3eb2-46a9-ab85-9e8e145810a1","owner_id":null},{"id":"fbaa06e8-7b4b-4b31-99a8-c73c86c653b8","name":"Cron","source":"MITRE","technique_attack_id":"T1053.003","technique_id":"803d286d-8104-4af8-9821-3f49240edc2b","owner_id":null},{"id":"54a19037-15f3-4efb-8a14-088facaf7359","name":"Office Application Startup","source":"MITRE","technique_attack_id":"T1137","technique_id":"db846575-a79b-4403-870d-5842be82001d","owner_id":null},{"id":"dfee0a55-2432-439a-b209-bc56f9a61f66","name":"Additional Cloud Roles","source":"MITRE","technique_attack_id":"T1098.003","technique_id":"71867386-ddc2-4cdb-a0c9-7c27172c23c1","owner_id":null},{"id":"62b14a93-acc9-4900-a760-e98443ee40a7","name":"Print Processors","source":"MITRE","technique_attack_id":"T1547.012","technique_id":"f7544b99-d596-43dd-ab12-3844756f3ad7","owner_id":null},{"id":"37925e8f-b9e2-4f55-b951-a6873e967413","name":"DLL","source":"MITRE","technique_attack_id":"T1574.001","technique_id":"69cd62f8-b729-4a05-8351-5bb961f7c6d6","owner_id":null},{"id":"c2d03240-694d-4db8-ad68-0ab78a0acfa3","name":"Add-ins","source":"MITRE","technique_attack_id":"T1137.006","technique_id":"ecca6c85-3d18-40c0-84d0-d5fb7ebd72b5","owner_id":null},{"id":"9aaf40a8-6d31-4b1c-8610-2ec087fcc2d1","name":"Transport Agent","source":"MITRE","technique_attack_id":"T1505.002","technique_id":"c2be31d9-c800-4cc7-81b9-f3fdb94fbb43","owner_id":null},{"id":"ee22cd8f-817a-4aab-9774-55bfc529d00e","name":"Scheduled Task/Job","source":"MITRE","technique_attack_id":"T1053","technique_id":"0baf02af-ffaa-403f-9f0d-da51f463a1d8","owner_id":null},{"id":"c5e3795e-3173-46ee-9144-def228107adc","name":"Password Filter DLL","source":"MITRE","technique_attack_id":"T1556.002","technique_id":"cd65b0f4-a2a4-4291-aff2-1c65cf68cf6c","owner_id":null},{"id":"44d614cc-b590-41e3-9f11-c8dc578b334e","name":"Terminal Services DLL","source":"MITRE","technique_attack_id":"T1505.005","technique_id":"ae967542-1f37-4eea-993d-fff3867f2aea","owner_id":null},{"id":"baf5a6ef-f0fc-4499-9013-d8bf047c695d","name":"Software Extensions","source":"MITRE","technique_attack_id":"T1176","technique_id":"040804f6-6a87-4011-8716-66682bc16ed4","owner_id":null},{"id":"7d22be70-2380-469d-b9d3-bba2456792da","name":"Outlook Rules","source":"MITRE","technique_attack_id":"T1137.005","technique_id":"d595e757-da2e-4430-95d6-81f7d69738e8","owner_id":null},{"id":"9ecc2869-496d-496d-afff-be0c33165b27","name":"Application Shimming","source":"MITRE","technique_attack_id":"T1546.011","technique_id":"efbbe9d1-274c-4383-9c6c-44bd4eca1829","owner_id":null},{"id":"b8c1649b-d3ac-4d93-8d22-d108366de4fc","name":"Port Monitors","source":"MITRE","technique_attack_id":"T1547.010","technique_id":"ffd9430b-c727-47f4-a1f0-b1d4f8c29740","owner_id":null},{"id":"948041e4-75d0-4e29-8237-735339d14230","name":"Login Hook","source":"MITRE","technique_attack_id":"T1037.002","technique_id":"fdf95fac-f7f2-4901-b5fe-b2bafa443939","owner_id":null},{"id":"9cfb46a1-b7d8-4bec-a1a5-3d7bc26c899c","name":"Traffic Signaling","source":"MITRE","technique_attack_id":"T1205","technique_id":"c2cf211a-9676-4922-a386-69697ab4934a","owner_id":null},{"id":"2d1dac10-a7f4-4b71-a4f8-099e96f4c501","name":"Shortcut Modification","source":"MITRE","technique_attack_id":"T1547.009","technique_id":"bfde0a09-8109-41e4-b8c9-68fe20e8131b","owner_id":null},{"id":"e8806c10-f496-49bf-aea6-1be1f9e63ee1","name":"Implant Internal Image","source":"MITRE","technique_attack_id":"T1525","technique_id":"b4f2b54c-d304-4e05-a813-69bc7e6fd1f3","owner_id":null},{"id":"cdb812a1-95e7-422e-8f04-2c4ab5ba1b45","name":"Security Support Provider","source":"MITRE","technique_attack_id":"T1547.005","technique_id":"8a6ec54e-c7cd-4e3c-b848-21f8be2f864a","owner_id":null},{"id":"d2260bc4-a36c-41dd-84bc-25ede91f65ff","name":"Hybrid Identity","source":"MITRE","technique_attack_id":"T1556.007","technique_id":"b0a1ef13-0c54-47e8-a220-7543ba41a327","owner_id":null},{"id":"efbdad4f-d132-4ac7-9bbe-4e72b77fb713","name":"Path Interception by Search Order Hijacking","source":"MITRE","technique_attack_id":"T1574.008","technique_id":"0df21d65-c885-415a-8f91-477ae1b37839","owner_id":null},{"id":"e2f57527-f828-49d3-b0d3-cecf79b430fa","name":"Web Shell","source":"MITRE","technique_attack_id":"T1505.003","technique_id":"05a5318f-476d-44c1-8a85-9466295d31dd","owner_id":null},{"id":"3098b299-3b6f-4903-90ae-81e30fbfff21","name":"Default Accounts","source":"MITRE","technique_attack_id":"T1078.001","technique_id":"6c55cf9c-0259-4ba0-9574-e90f6c88e6fd","owner_id":null},{"id":"32ec24b0-0df1-4595-9862-57bb9b521ec2","name":"Time Providers","source":"MITRE","technique_attack_id":"T1547.003","technique_id":"2e8cd9a0-846f-416b-80ba-21a15019ce73","owner_id":null},{"id":"6ac3625c-8d54-4ad6-8b57-0ed6cb0edf59","name":"Trap","source":"MITRE","technique_attack_id":"T1546.005","technique_id":"82c07e34-9f67-4f4e-a513-c22a17b508e5","owner_id":null},{"id":"09de82f0-c04c-4f8a-b3af-bcb5b6951968","name":"Dynamic Linker Hijacking","source":"MITRE","technique_attack_id":"T1574.006","technique_id":"b0d884c3-cf87-4610-992d-4ec54c667759","owner_id":null},{"id":"5a50c440-88a7-43d0-87a8-d380d7ff33d5","name":"Local Account","source":"MITRE","technique_attack_id":"T1136.001","technique_id":"287201c6-56c8-458d-a6b3-5d84ad1099d7","owner_id":null},{"id":"1ac7696a-9f0b-4ced-8f6e-50851df79511","name":"Winlogon Helper DLL","source":"MITRE","technique_attack_id":"T1547.004","technique_id":"6f42559d-fb54-4c82-9ea7-eb9c709dac07","owner_id":null},{"id":"6f085949-04e6-42a1-a0fd-a188dd6d6dee","name":"SSH Authorized Keys","source":"MITRE","technique_attack_id":"T1098.004","technique_id":"4659b96f-0e8d-4480-966b-c75062645f14","owner_id":null},{"id":"a321a961-4c3a-4349-8cef-40abfdce0da1","name":"Image File Execution Options Injection","source":"MITRE","technique_attack_id":"T1546.012","technique_id":"91d813d3-c17c-4c4c-b86e-0667f669a2f4","owner_id":null},{"id":"f8866939-22c8-4eef-976a-18a1edd2c5e4","name":"Launch Daemon","source":"MITRE","technique_attack_id":"T1543.004","technique_id":"eff618a9-6498-4b01-bca1-cd5f3784fc27","owner_id":null},{"id":"855d8214-cba8-4cf5-b68b-ddc1c7f43f8f","name":"Executable Installer File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.005","technique_id":"1f6a471d-49c6-4150-b213-2422d5fd3f26","owner_id":null},{"id":"ea2799af-c84f-462d-a8c9-5eb59981fb75","name":"Accessibility Features","source":"MITRE","technique_attack_id":"T1546.008","technique_id":"9ed0f5c3-49ff-4c43-bb77-c00e466ce3ba","owner_id":null},{"id":"4c498a0e-db56-4111-84db-fdabfb5c8c26","name":"Domain Account","source":"MITRE","technique_attack_id":"T1136.002","technique_id":"7a7e10ce-f033-460c-9183-5e29a9feb927","owner_id":null},{"id":"eb66e6e7-195d-471a-8806-12431f700c5a","name":"Component Firmware","source":"MITRE","technique_attack_id":"T1542.002","technique_id":"764041d4-ff10-45d0-b42e-2f23ca334740","owner_id":null},{"id":"d940934f-aa9d-4f83-a23c-1708694fb4b7","name":"Office Template Macros","source":"MITRE","technique_attack_id":"T1137.001","technique_id":"83a2facf-84e7-4a3c-9dcd-74c4fd33fec6","owner_id":null},{"id":"0beccb86-362d-47cd-ab46-2abcd7d32217","name":"AppCert DLLs","source":"MITRE","technique_attack_id":"T1546.009","technique_id":"4216058d-0912-4ff3-a7fd-dd7a7b346c96","owner_id":null},{"id":"9b2a0ec0-b98c-4f83-8009-83d027440311","name":"Device Registration","source":"MITRE","technique_attack_id":"T1098.005","technique_id":"34ffaa47-f591-4a44-bd7d-9790d81365cd","owner_id":null},{"id":"d11cc827-6dba-42c5-87a5-2776d36a099a","name":"Pre-OS Boot","source":"MITRE","technique_attack_id":"T1542","technique_id":"33cd26b0-0248-4ee2-97a6-aab6a79824af","owner_id":null},{"id":"13f01385-4448-434d-b1d6-c2710813a074","name":"Login Items","source":"MITRE","technique_attack_id":"T1547.015","technique_id":"6556e1cb-87d0-4e67-9d5c-343d1eddf430","owner_id":null},{"id":"81428399-f3f2-484b-a117-cd8372a4e500","name":"Port Knocking","source":"MITRE","technique_attack_id":"T1205.001","technique_id":"34a112db-c61d-4ea2-872f-de3fc1af87a3","owner_id":null},{"id":"236a37e1-01cc-4b7c-a522-b0784b7eb6e1","name":"Additional Cloud Credentials","source":"MITRE","technique_attack_id":"T1098.001","technique_id":"0799f2ee-3a83-452e-9fa9-83e91d83be25","owner_id":null},{"id":"e9e80c39-28a4-4466-80fa-36c86850dbae","name":"Windows Management Instrumentation Event Subscription","source":"MITRE","technique_attack_id":"T1546.003","technique_id":"043ffb62-dacd-4e21-9c86-b31826176283","owner_id":null},{"id":"b8da3741-ebb5-49ff-8a9b-aa977d20663d","name":"Compromise Host Software Binary","source":"MITRE","technique_attack_id":"T1554","technique_id":"05435e33-05fe-4a41-b8e4-694d45eb9147","owner_id":null},{"id":"f5b35f9a-c30f-41f9-9e99-5b830ba01fe7","name":"Change Default File Association","source":"MITRE","technique_attack_id":"T1546.001","technique_id":"9cfbe3ba-957e-49fd-9494-9870e5d0ae16","owner_id":null},{"id":"a796c2c2-b70d-4778-ae71-4bf06e34cba4","name":"Emond","source":"MITRE","technique_attack_id":"T1546.014","technique_id":"7f9dbafd-4c7e-4bd9-8aff-c2a800743a07","owner_id":null},{"id":"a16e8117-6d29-43f7-8d09-bddb8feb26e9","name":"Services File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.010","technique_id":"bd569ff9-c038-48c0-83d0-f5c784b439bc","owner_id":null},{"id":"ebede9c4-10f9-48a8-8bfb-961f69399c3f","name":"Registry Run Keys / Startup Folder","source":"MITRE","technique_attack_id":"T1547.001","technique_id":"0ca28cc0-89d0-4680-baef-94d7202c6a9b","owner_id":null},{"id":"1ffa36d1-8f3a-4bef-b940-2423212db71a","name":"Cloud Account","source":"MITRE","technique_attack_id":"T1136.003","technique_id":"d6504a4d-f6d7-4517-b0fd-ec7128d4dec9","owner_id":null},{"id":"1fcf03de-18c4-4b21-b98c-b033a43ed38c","name":"Account Manipulation","source":"MITRE","technique_attack_id":"T1098","technique_id":"65f7482c-485b-4fd7-80f5-0ec6e923ac4d","owner_id":null},{"id":"3e775fa0-53cd-495e-88ee-cfbcde4da507","name":"Kernel Modules and Extensions","source":"MITRE","technique_attack_id":"T1547.006","technique_id":"74e2b24b-3bf7-4361-bc07-983bffe674f7","owner_id":null},{"id":"d39d43ab-4b5f-42f7-8b5a-b30f26efc651","name":"KernelCallbackTable","source":"MITRE","technique_attack_id":"T1574.013","technique_id":"68ffdbed-08d8-46a2-a833-984bbf0d9b4a","owner_id":null},{"id":"db1ea7e0-e250-4cde-aa0f-58e80b92d865","name":"Systemd Timers","source":"MITRE","technique_attack_id":"T1053.006","technique_id":"8cc9e419-607e-4d2a-91d9-d47022e02bea","owner_id":null},{"id":"5cf08718-3262-45f9-ad25-ee08045d1e04","name":"ROMMONkit","source":"MITRE","technique_attack_id":"T1542.004","technique_id":"b9d60848-388e-444c-9f22-2267ea61b5e9","owner_id":null},{"id":"05c7ff09-311b-4749-80ed-e3426016669b","name":"Outlook Forms","source":"MITRE","technique_attack_id":"T1137.003","technique_id":"6fe2a6b8-bfb3-431d-8156-b2d005096f90","owner_id":null},{"id":"cad7e882-cd39-4f9f-be6b-cdb42c07d16b","name":"Hijack Execution Flow","source":"MITRE","technique_attack_id":"T1574","technique_id":"1085d0c6-4ff3-45f1-8e0c-d8f334f4ba68","owner_id":null},{"id":"61140d4f-74b6-400a-bf54-c61fc00f52d2","name":"Valid Accounts","source":"MITRE","technique_attack_id":"T1078","technique_id":"a9b7eb2f-63e7-41bc-9d77-f7c4cede5406","owner_id":null},{"id":"da09ee57-674d-4331-a004-620aed2e5327","name":"Multi-Factor Authentication","source":"MITRE","technique_attack_id":"T1556.006","technique_id":"60498bb5-fcfb-4d85-bf3e-26c30c08fbda","owner_id":null},{"id":"d00a998c-2fbb-4a89-8e7c-87e2de41f888","name":"IIS Components","source":"MITRE","technique_attack_id":"T1505.004","technique_id":"e4495b87-9b04-4313-b771-7d9703639cce","owner_id":null},{"id":"ce171211-a182-493b-bc75-47bb7ecc7310","name":"Event Triggered Execution","source":"MITRE","technique_attack_id":"T1546","technique_id":"e1e42979-d3cd-461b-afc4-a6373cbf97ba","owner_id":null},{"id":"4113483a-492d-4262-9ce8-2a15c24ef725","name":"Unix Shell Configuration Modification","source":"MITRE","technique_attack_id":"T1546.004","technique_id":"cc5ae19f-981d-4004-bb74-260b8ebad73a","owner_id":null},{"id":"dfb0cc8e-719b-4712-8d80-2e78b9a9dc40","name":"Authentication Package","source":"MITRE","technique_attack_id":"T1547.002","technique_id":"7ede5868-1109-4f22-abc7-9495658f7866","owner_id":null},{"id":"82795a3e-bd3f-4d65-bf7a-0ce4dc9ecc61","name":"Component Object Model Hijacking","source":"MITRE","technique_attack_id":"T1546.015","technique_id":"3e1ef5ba-6426-4fe0-ad48-78557667d680","owner_id":null},{"id":"9f4b6f8c-4dc8-4db2-ba11-2e33ef92c66f","name":"Outlook Home Page","source":"MITRE","technique_attack_id":"T1137.004","technique_id":"12d918e0-51f7-45cf-b67c-fa60d15599f2","owner_id":null},{"id":"44cf2ea3-8ac8-41b7-90cb-47a2e8b4c16d","name":"Path Interception by Unquoted Path","source":"MITRE","technique_attack_id":"T1574.009","technique_id":"08188de6-22c8-42af-b01c-f1c250c22514","owner_id":null},{"id":"bb8d641f-6ebe-401c-9e96-a5ec57c93bbe","name":"Startup Items","source":"MITRE","technique_attack_id":"T1037.005","technique_id":"3d52cd7c-d81b-4762-9749-612bbbccb415","owner_id":null},{"id":"6e3841c0-62c4-4c87-83af-e80af92eb42d","name":"Domain Accounts","source":"MITRE","technique_attack_id":"T1078.002","technique_id":"74b99029-3f0a-4cc8-90d6-5a6b177c06eb","owner_id":null},{"id":"9e16b2b2-f5bc-497f-ab87-8d71d06f6cc9","name":"Network Logon Script","source":"MITRE","technique_attack_id":"T1037.003","technique_id":"3701f955-596b-422e-9fce-09c4f49cf080","owner_id":null},{"id":"8af98f4d-0ecc-43e0-ba94-7be28883284b","name":"BITS Jobs","source":"MITRE","technique_attack_id":"T1197","technique_id":"6b278e5d-7383-42a4-9425-2da79bbe43e0","owner_id":null},{"id":"9ff9d754-92a6-46cb-8b18-6aa1408abb3d","name":"AppInit DLLs","source":"MITRE","technique_attack_id":"T1546.010","technique_id":"36b58363-ca6a-4614-bf6f-bfaecafedb5f","owner_id":null},{"id":"8f459809-46b9-40d3-82cf-07ae071809fc","name":"Screensaver","source":"MITRE","technique_attack_id":"T1546.002","technique_id":"3f9cd334-0b86-478f-97fa-c3aedd8035d8","owner_id":null},{"id":"df5e9274-ae96-4af6-9fcb-251394dc3059","name":"Launch Agent","source":"MITRE","technique_attack_id":"T1543.001","technique_id":"6dbe030c-5f87-4b45-9b6b-5bba2c0fad00","owner_id":null},{"id":"bfe1b0cb-0ab9-4da4-9f3b-af94ab3d5041","name":"Server Software Component","source":"MITRE","technique_attack_id":"T1505","technique_id":"03fb32fa-cdee-4e94-ae3e-16b51a10ba9c","owner_id":null},{"id":"73340f39-ba56-41ff-aa7b-2b98bb84df2b","name":"Domain Controller Authentication","source":"MITRE","technique_attack_id":"T1556.001","technique_id":"82d15799-9776-463e-9b87-a58d682cee55","owner_id":null},{"id":"737179f3-a150-4646-b7f6-6fc3dc8d62e4","name":"Reversible Encryption","source":"MITRE","technique_attack_id":"T1556.005","technique_id":"9dc21246-3788-48d6-b6a1-f2a39ee38557","owner_id":null},{"id":"6787a2f9-fdc9-4120-a6e5-79bb1bafd568","name":"Installer Packages","source":"MITRE","technique_attack_id":"T1546.016","technique_id":"8b8c0f91-17fb-41fe-905c-9cbf45593877","owner_id":null},{"id":"886edcfc-2879-42dd-8ae7-9e8aa5eb6cdd","name":"RC Scripts","source":"MITRE","technique_attack_id":"T1037.004","technique_id":"46ef0f74-b028-4b35-8980-bed066feb60c","owner_id":null},{"id":"3bc63808-6199-4b47-bef1-9829307ac812","name":"Systemd Service","source":"MITRE","technique_attack_id":"T1543.002","technique_id":"7aae1ad0-fb1f-484a-a176-c94e4c7ada77","owner_id":null},{"id":"ba532046-a2e2-419b-bc6f-bd21580b37fa","name":"Create Account","source":"MITRE","technique_attack_id":"T1136","technique_id":"55bcf759-a0bf-47e9-99f8-4e8ca997e6ce","owner_id":null},{"id":"1a5d9703-c9aa-486b-a815-9d8bd3443e7d","name":"XDG Autostart Entries","source":"MITRE","technique_attack_id":"T1547.013","technique_id":"45f107b6-ae8e-49d7-a3fc-ea6437fbac76","owner_id":null},{"id":"53489906-2582-45f3-ae9b-c36a7457eef6","name":"Re-opened Applications","source":"MITRE","technique_attack_id":"T1547.007","technique_id":"9459a27a-b892-4864-9916-814130bea485","owner_id":null},{"id":"de810cdc-efa2-42de-aabb-2ec0f16704ae","name":"Additional Email Delegate Permissions","source":"MITRE","technique_attack_id":"T1098.002","technique_id":"15660958-1f4f-4136-8cda-82123fd38232","owner_id":null},{"id":"a3aa3591-a6e8-4ded-9600-662603dc0562","name":"Logon Script (Windows)","source":"MITRE","technique_attack_id":"T1037.001","technique_id":"b34ba0fd-493c-4e68-91c4-918f495ad07c","owner_id":null},{"id":"1fb3597f-3632-4bcd-befd-cbb84581a583","name":"Office Test","source":"MITRE","technique_attack_id":"T1137.002","technique_id":"62c22cc4-5643-4679-a6ae-9f6a3147d2fe","owner_id":null},{"id":"14babf91-a8ce-4d9f-b270-a977d5860e5a","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1078.004","technique_id":"3c4a2f3a-5877-4a27-a417-76318523657e","owner_id":null},{"id":"865c058a-4998-46e5-9a9d-052c9a7684b3","name":"At","source":"MITRE","technique_attack_id":"T1053.002","technique_id":"6051e618-c476-41db-8b0b-0aef9d2bbbf7","owner_id":null},{"id":"4875bc0f-8e0f-4f6e-9fef-5f880ac581bb","name":"Modify Authentication Process","source":"MITRE","technique_attack_id":"T1556","technique_id":"f516ecd7-a6a6-4018-8e58-c007be05bdce","owner_id":null},{"id":"29854517-bfc0-48e2-b2bd-d72a17bdcd1b","name":"Netsh Helper DLL","source":"MITRE","technique_attack_id":"T1546.007","technique_id":"b2cae050-4916-44c0-a6a3-3fa257145872","owner_id":null},{"id":"d83c4de9-bce1-4d0b-8bd2-206e9fcc98d0","name":"SQL Stored Procedures","source":"MITRE","technique_attack_id":"T1505.001","technique_id":"35197aee-8cc9-4584-bd22-33c8885db669","owner_id":null},{"id":"5c54d139-d20f-4555-9819-e82658551ec3","name":"Network Device Authentication","source":"MITRE","technique_attack_id":"T1556.004","technique_id":"195aa08b-15fd-4019-b905-8f31bc5e2094","owner_id":null},{"id":"d8a89a1a-f6fc-4208-9f7a-48ddfd09d7e3","name":"Dylib Hijacking","source":"MITRE","technique_attack_id":"T1574.004","technique_id":"6c8fa277-33c3-45b5-8f0d-9b1c0ccaf284","owner_id":null},{"id":"e5df8d93-ca76-47cf-a2e3-709a6f54c1a8","name":"Local Accounts","source":"MITRE","technique_attack_id":"T1078.003","technique_id":"d2a19fd8-ff9c-4f9e-9e84-ed3ea12c4b7c","owner_id":null},{"id":"ceb32a3b-5c09-4810-8cb5-da394fb665d4","name":"COR_PROFILER","source":"MITRE","technique_attack_id":"T1574.012","technique_id":"110c385f-9f27-4fd6-837c-6261294073ab","owner_id":null},{"id":"82e82daf-a711-47c3-9a61-ecb3b89ce920","name":"LSASS Driver","source":"MITRE","technique_attack_id":"T1547.008","technique_id":"bce86020-2851-4b01-97a9-e51a6b23ea68","owner_id":null},{"id":"e168461d-ddde-5790-924a-973c8bbd857a","name":"Additional Local or Domain Groups","source":"MITRE","technique_attack_id":"T1098.007","technique_id":"25a957d5-0c89-52a1-b446-bf993e17631c","owner_id":null},{"id":"09305d50-9a83-550e-85e5-d14183abbc17","name":"Udev Rules","source":"MITRE","technique_attack_id":"T1546.017","technique_id":"6823f994-6b4e-5170-ba2b-bd4bc6f0c452","owner_id":null},{"id":"30edacd6-76e8-53d9-9641-852d9ec7191f","name":"Python Startup Hooks","source":"MITRE","technique_attack_id":"T1546.018","technique_id":"7fd2ca2c-f5cb-5307-8fef-47914a43e2b8","owner_id":null},{"id":"82773959-d466-595c-96f3-f4dc71c2f0e3","name":"Browser Extensions","source":"MITRE","technique_attack_id":"T1176.001","technique_id":"96d578d9-5089-5e92-973b-cbc3a3a0a826","owner_id":null},{"id":"0ae7f749-a648-513a-a31f-3835f115ffd2","name":"Modify Registry","source":"MITRE","technique_attack_id":"T1112","technique_id":"0dfeab84-3c42-4b56-9021-70fe5be4092b","owner_id":null},{"id":"e5f397ca-0d3b-5db8-b9c9-6ec8eadc4478","name":"IDE Extensions","source":"MITRE","technique_attack_id":"T1176.002","technique_id":"b4455e1e-db2c-5587-a266-0fac12b387db","owner_id":null},{"id":"371f4a65-d9e2-5493-880c-b7d2ea0c9d5b","name":"Cloud Application Integration","source":"MITRE","technique_attack_id":"T1671","technique_id":"66ee2daa-b508-567f-abdc-f5060891b71e","owner_id":null},{"id":"f9573e8a-6177-5417-90a2-08deda302acd","name":"Exclusive Control","source":"MITRE","technique_attack_id":"T1668","technique_id":"7b90deae-cf22-54f1-90e0-a4668f13f547","owner_id":null},{"id":"fda3ade8-22e3-5343-ba87-f4b4a82e277e","name":"vSphere Installation Bundles","source":"MITRE","technique_attack_id":"T1505.006","technique_id":"55750ba6-fa17-519a-a339-11fd0f8d26ab","owner_id":null},{"id":"6ac3c0d1-58ef-5954-95e5-f908de0f12a9","name":"Network Provider DLL","source":"MITRE","technique_attack_id":"T1556.008","technique_id":"f1329084-6e9c-5933-83cd-56c1bf8439e3","owner_id":null},{"id":"6e65328b-ddce-5cd4-b02f-c4146d44e9c6","name":"AppDomainManager","source":"MITRE","technique_attack_id":"T1574.014","technique_id":"3d6727cd-d297-51e9-a6a2-8718284bf8e5","owner_id":null},{"id":"fee7c894-9a14-57bf-80d8-ab20ba8515a8","name":"Container Service","source":"MITRE","technique_attack_id":"T1543.005","technique_id":"b9490b5f-645c-54a6-bf50-ad63540e6a07","owner_id":null},{"id":"92f6c422-6c2e-5e80-abce-9f7ae330d735","name":"Conditional Access Policies","source":"MITRE","technique_attack_id":"T1556.009","technique_id":"2fa370dd-42be-5c10-85e8-294624c8a778","owner_id":null},{"id":"07796c94-ac6d-58ae-9055-a817fb2a798a","name":"Additional Container Cluster Roles","source":"MITRE","technique_attack_id":"T1098.006","technique_id":"1169afd3-d80d-5942-b16f-8dc1812ef6bb","owner_id":null},{"id":"f730385c-3f25-5d92-ab41-828e2db7b7ed","name":"Power Settings","source":"MITRE","technique_attack_id":"T1653","technique_id":"0719ea2b-d630-5ada-9b04-c3136ff530ae","owner_id":null}],"tags":[],"tidal_id":"eab2f648-75f6-5854-b6f9-c30a0bfa8e35","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"b17dde68-dbcf-4cfd-9bb8-be014ec65c37","name":"Privilege Escalation","description":"The adversary is trying to gain higher-level permissions.\n\nPrivilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: \n\n* SYSTEM/root level\n* local administrator\n* user account with admin-like access \n* user accounts with access to specific system or perform specific function\n\nThese techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.  ","ordinal_position":6,"source":"MITRE","tactic_attack_id":"TA0004","owner_name":null,"techniques":[{"id":"c508d9ed-ea8d-4f10-a154-610c7952f141","name":"Abuse Elevation Control Mechanism","source":"Mobile","technique_attack_id":"T1626","technique_id":"dc8094a9-ec1b-5c76-89c2-962e946a4867","owner_id":null},{"id":"0b3387df-b17d-4331-b462-1abd1467b903","name":"Ptrace System Calls","source":"Mobile","technique_attack_id":"T1631.001","technique_id":"9a067f23-bd06-5c83-b6eb-951f8ee1174a","owner_id":null},{"id":"53f033d1-9743-4ce2-9701-786b11050a8f","name":"Exploitation for Privilege Escalation","source":"Mobile","technique_attack_id":"T1404","technique_id":"6c013b4b-81b3-506d-96b4-b4cb023a8d22","owner_id":null},{"id":"2a103539-ee2e-49a4-9b74-d05c03ba0a67","name":"Device Administrator Permissions","source":"Mobile","technique_attack_id":"T1626.001","technique_id":"2acb5630-2501-531c-8df5-1797eafa45d7","owner_id":null},{"id":"94042f99-61b9-47b4-8040-645973bd2cc8","name":"Process Injection","source":"Mobile","technique_attack_id":"T1631","technique_id":"952c95c9-67ee-5915-90e6-018c50495bf7","owner_id":null},{"id":"0117f38e-1f5e-4ebc-a432-98cfcd51c9ce","name":"Hooking","source":"ICS","technique_attack_id":"T0874","technique_id":"346b73a3-6e36-53cb-8018-c475f17cbea4","owner_id":null},{"id":"f2f45715-0dc1-41f4-9970-bac6cb955cf4","name":"Exploitation for Privilege Escalation","source":"ICS","technique_attack_id":"T0890","technique_id":"0a7bc223-859a-5fc9-8856-7a57fb248c76","owner_id":null},{"id":"6b693b50-d034-4d94-9d99-bd4b55e3e71d","name":"Extra Window Memory Injection","source":"MITRE","technique_attack_id":"T1055.011","technique_id":"43d872bd-3d54-4ea3-bc89-a2f979db0d5a","owner_id":null},{"id":"8ae7b515-328d-46d0-9460-d6e6f15e042b","name":"Scheduled Task","source":"MITRE","technique_attack_id":"T1053.005","technique_id":"723c6d51-91db-4658-9ee0-eafb953c2d82","owner_id":null},{"id":"8b32e1b6-b498-4bab-b54e-0526eb8e1f7a","name":"Boot or Logon Initialization Scripts","source":"MITRE","technique_attack_id":"T1037","technique_id":"c51f799b-7305-43db-8d3b-657965cad68a","owner_id":null},{"id":"a70ff50a-c5b0-42e0-b675-0f2ec9b293dd","name":"Path Interception by PATH Environment Variable","source":"MITRE","technique_attack_id":"T1574.007","technique_id":"0a4dd066-6a28-4dcb-ab3d-215fc01db9cb","owner_id":null},{"id":"cf2bf6f0-f9c9-4073-94d1-860d22d31c35","name":"PowerShell Profile","source":"MITRE","technique_attack_id":"T1546.013","technique_id":"6e65f84b-cfad-49ce-9072-f2966dc02f56","owner_id":null},{"id":"d6a6f0ec-fd18-4367-93ca-998d2b6cbe0a","name":"Create or Modify System Process","source":"MITRE","technique_attack_id":"T1543","technique_id":"f8aa018b-5134-4201-87f2-e55d20f40b17","owner_id":null},{"id":"a57be215-f915-40f4-a26d-2785f021e025","name":"LC_LOAD_DYLIB Addition","source":"MITRE","technique_attack_id":"T1546.006","technique_id":"cd52d338-ba23-43c8-975d-4db29aa96598","owner_id":null},{"id":"9620b087-6f9b-4896-bff1-d12cf71a695a","name":"Container Orchestration Job","source":"MITRE","technique_attack_id":"T1053.007","technique_id":"eb1a471e-e3b5-4790-8c0a-b89b68f244b9","owner_id":null},{"id":"b4a4b0f0-fbc4-4ef5-b801-6cf01bd9a791","name":"Bypass User Account Control","source":"MITRE","technique_attack_id":"T1548.002","technique_id":"5e1499a1-f1ad-4929-84e1-5d33c371c02d","owner_id":null},{"id":"f96437ad-21d3-452e-ab57-0ddae225af07","name":"Sudo and Sudo Caching","source":"MITRE","technique_attack_id":"T1548.003","technique_id":"e082687f-d403-4246-987b-ad5f12911e4b","owner_id":null},{"id":"c4094b3b-121a-494c-a3dd-6e3da9d30d8c","name":"Services Registry Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.011","technique_id":"bc996f67-7cb7-4ba4-9156-4f2f8283d66d","owner_id":null},{"id":"cfa03337-beff-4be9-a4fc-df3799941f42","name":"Boot or Logon Autostart Execution","source":"MITRE","technique_attack_id":"T1547","technique_id":"17b97c19-b986-4653-850a-44aee9aaaba1","owner_id":null},{"id":"42ef95be-daab-40b8-8012-f04eadc55552","name":"Active Setup","source":"MITRE","technique_attack_id":"T1547.014","technique_id":"8bd564d2-a3f1-4367-8631-a2d2cb3a1f46","owner_id":null},{"id":"0d1b01f4-a43e-445e-a04d-ac82b2b7e781","name":"Trust Modification","source":"MITRE","technique_attack_id":"T1484.002","technique_id":"f534b0a6-4445-409a-889c-6c3ac34656f1","owner_id":null},{"id":"80dbcc3c-8742-4da0-afba-44067154f394","name":"Windows Service","source":"MITRE","technique_attack_id":"T1543.003","technique_id":"31c6dd3c-3eb2-46a9-ab85-9e8e145810a1","owner_id":null},{"id":"33995e6d-f27b-4499-8bef-61f72c482f39","name":"Cron","source":"MITRE","technique_attack_id":"T1053.003","technique_id":"803d286d-8104-4af8-9821-3f49240edc2b","owner_id":null},{"id":"ff8e93af-237a-473c-b9fc-9e0addd6b39f","name":"Print Processors","source":"MITRE","technique_attack_id":"T1547.012","technique_id":"f7544b99-d596-43dd-ab12-3844756f3ad7","owner_id":null},{"id":"18163ec5-efde-4dbd-ba4e-575d4ccf564b","name":"DLL","source":"MITRE","technique_attack_id":"T1574.001","technique_id":"69cd62f8-b729-4a05-8351-5bb961f7c6d6","owner_id":null},{"id":"63f384d8-5674-4999-8f74-dc6d33931cec","name":"Scheduled Task/Job","source":"MITRE","technique_attack_id":"T1053","technique_id":"0baf02af-ffaa-403f-9f0d-da51f463a1d8","owner_id":null},{"id":"95a165f3-9448-4f13-aeeb-abcc0474a5af","name":"Thread Execution Hijacking","source":"MITRE","technique_attack_id":"T1055.003","technique_id":"8e332106-dd58-4adc-927d-57d038af797c","owner_id":null},{"id":"c25dbae6-0d59-4960-95ed-adf86d2b0d38","name":"Application Shimming","source":"MITRE","technique_attack_id":"T1546.011","technique_id":"efbbe9d1-274c-4383-9c6c-44bd4eca1829","owner_id":null},{"id":"c2f0d4bc-a57c-4123-8dce-2cbc987a7139","name":"Port Monitors","source":"MITRE","technique_attack_id":"T1547.010","technique_id":"ffd9430b-c727-47f4-a1f0-b1d4f8c29740","owner_id":null},{"id":"f8f0ee7a-30f2-4846-8d8f-7e4e077687f5","name":"Login Hook","source":"MITRE","technique_attack_id":"T1037.002","technique_id":"fdf95fac-f7f2-4901-b5fe-b2bafa443939","owner_id":null},{"id":"8bc61781-319b-490e-8221-454ba978323e","name":"Process Injection","source":"MITRE","technique_attack_id":"T1055","technique_id":"7a6208ac-c75e-4e73-8969-0aaf6085cb6e","owner_id":null},{"id":"06b61855-5c4b-4e83-a0f5-f30eb5d7c5ef","name":"Escape to Host","source":"MITRE","technique_attack_id":"T1611","technique_id":"bebaf25b-9f50-4e3b-96cc-cc55c5765b61","owner_id":null},{"id":"97b731b6-0952-4dcf-8aba-b571182df53d","name":"Shortcut Modification","source":"MITRE","technique_attack_id":"T1547.009","technique_id":"bfde0a09-8109-41e4-b8c9-68fe20e8131b","owner_id":null},{"id":"e037ccb1-5812-4bcd-8b52-7bf5a2e612ac","name":"Security Support Provider","source":"MITRE","technique_attack_id":"T1547.005","technique_id":"8a6ec54e-c7cd-4e3c-b848-21f8be2f864a","owner_id":null},{"id":"bb472f5c-edd5-4a34-80ad-3300df6ff6ed","name":"Launch Daemon","source":"MITRE","technique_attack_id":"T1543.004","technique_id":"eff618a9-6498-4b01-bca1-cd5f3784fc27","owner_id":null},{"id":"a8e53896-32fa-4678-b86a-a79e2a87ffea","name":"Path Interception by Search Order Hijacking","source":"MITRE","technique_attack_id":"T1574.008","technique_id":"0df21d65-c885-415a-8f91-477ae1b37839","owner_id":null},{"id":"264c5de2-e216-4b5e-8934-c34247968d38","name":"Group Policy Modification","source":"MITRE","technique_attack_id":"T1484.001","technique_id":"7c9035b8-ad4b-4441-be2b-823d86b54fac","owner_id":null},{"id":"a815deea-3781-44a7-a6ee-6d2e34c7b51d","name":"Default Accounts","source":"MITRE","technique_attack_id":"T1078.001","technique_id":"6c55cf9c-0259-4ba0-9574-e90f6c88e6fd","owner_id":null},{"id":"83623115-ecdb-4898-a3ae-24edfd6c9a24","name":"Time Providers","source":"MITRE","technique_attack_id":"T1547.003","technique_id":"2e8cd9a0-846f-416b-80ba-21a15019ce73","owner_id":null},{"id":"84f40f70-9080-4581-a93e-5daefd5f7dfc","name":"Trap","source":"MITRE","technique_attack_id":"T1546.005","technique_id":"82c07e34-9f67-4f4e-a513-c22a17b508e5","owner_id":null},{"id":"fb1b94f8-9f2c-4265-adfe-3868a7d36758","name":"Dynamic Linker Hijacking","source":"MITRE","technique_attack_id":"T1574.006","technique_id":"b0d884c3-cf87-4610-992d-4ec54c667759","owner_id":null},{"id":"7caf4e88-0f18-47b2-8c7c-8202ca0cb2dd","name":"Abuse Elevation Control Mechanism","source":"MITRE","technique_attack_id":"T1548","technique_id":"ac7d9875-d18b-48f6-93e6-47c565f9526b","owner_id":null},{"id":"b0e766e7-a674-4a18-befe-e59f1f850711","name":"Create Process with Token","source":"MITRE","technique_attack_id":"T1134.002","technique_id":"ef0e0599-6543-499d-8409-ef449da5c38a","owner_id":null},{"id":"1082c458-1cc6-47cd-9dbd-28bc15ffaebc","name":"Setuid and Setgid","source":"MITRE","technique_attack_id":"T1548.001","technique_id":"e939bc27-a2cc-4278-be9b-a794c34aacbc","owner_id":null},{"id":"872fb842-6de6-45bf-8ffb-3e10689bf8ed","name":"Winlogon Helper DLL","source":"MITRE","technique_attack_id":"T1547.004","technique_id":"6f42559d-fb54-4c82-9ea7-eb9c709dac07","owner_id":null},{"id":"3710ed8d-519d-46d9-ab09-6033e83dc1d1","name":"Image File Execution Options Injection","source":"MITRE","technique_attack_id":"T1546.012","technique_id":"91d813d3-c17c-4c4c-b86e-0667f669a2f4","owner_id":null},{"id":"e5d9efec-c06e-49ea-9f92-5371b7f6c137","name":"Process Doppelgänging","source":"MITRE","technique_attack_id":"T1055.013","technique_id":"5b841b56-6b47-4cec-bf80-71a9a51fa7a0","owner_id":null},{"id":"4a41be5f-89a9-4c3c-9482-66179dd0199c","name":"Executable Installer File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.005","technique_id":"1f6a471d-49c6-4150-b213-2422d5fd3f26","owner_id":null},{"id":"13a4a538-7e94-4270-abbf-00ef0999c726","name":"Accessibility Features","source":"MITRE","technique_attack_id":"T1546.008","technique_id":"9ed0f5c3-49ff-4c43-bb77-c00e466ce3ba","owner_id":null},{"id":"5255ea08-dd69-4f08-9ab0-5dd10f6c2b0c","name":"Asynchronous Procedure Call","source":"MITRE","technique_attack_id":"T1055.004","technique_id":"abccbb2a-2ea8-43b8-95dc-c583df300c07","owner_id":null},{"id":"844e1d5c-32d3-4a97-9c6c-85fc25414f82","name":"AppCert DLLs","source":"MITRE","technique_attack_id":"T1546.009","technique_id":"4216058d-0912-4ff3-a7fd-dd7a7b346c96","owner_id":null},{"id":"59884f00-4905-4bb6-abbe-d3db7b68e741","name":"Portable Executable Injection","source":"MITRE","technique_attack_id":"T1055.002","technique_id":"2afcdcd1-ce55-4837-a84d-8279bc10f948","owner_id":null},{"id":"3cb17ae2-72a9-49e9-b255-e3b48e02a163","name":"Login Items","source":"MITRE","technique_attack_id":"T1547.015","technique_id":"6556e1cb-87d0-4e67-9d5c-343d1eddf430","owner_id":null},{"id":"2217cc2a-4b6b-4c26-8bd5-449761d1b02b","name":"Token Impersonation/Theft","source":"MITRE","technique_attack_id":"T1134.001","technique_id":"ab823cbf-0238-4347-a191-a90d84b978f7","owner_id":null},{"id":"0cd05237-14b5-48ae-8504-55460ff5978a","name":"Kernel Modules and Extensions","source":"MITRE","technique_attack_id":"T1547.006","technique_id":"74e2b24b-3bf7-4361-bc07-983bffe674f7","owner_id":null},{"id":"1741b767-509e-4a45-826c-a066dea5085d","name":"Make and Impersonate Token","source":"MITRE","technique_attack_id":"T1134.003","technique_id":"561da0ae-4ebc-4356-a954-338249cac31a","owner_id":null},{"id":"2bbbece6-1969-4cbd-ab82-1411d5878b80","name":"Windows Management Instrumentation Event Subscription","source":"MITRE","technique_attack_id":"T1546.003","technique_id":"043ffb62-dacd-4e21-9c86-b31826176283","owner_id":null},{"id":"f2f00497-dd61-4c95-9a75-3c002f6b0a7b","name":"Parent PID Spoofing","source":"MITRE","technique_attack_id":"T1134.004","technique_id":"449abc18-9faf-4ea6-a420-34528c28301d","owner_id":null},{"id":"273743c2-9a50-4fbe-a481-2105a16a5f72","name":"Change Default File Association","source":"MITRE","technique_attack_id":"T1546.001","technique_id":"9cfbe3ba-957e-49fd-9494-9870e5d0ae16","owner_id":null},{"id":"c32c44f6-46ad-41a8-8a16-c9dc73331af3","name":"VDSO Hijacking","source":"MITRE","technique_attack_id":"T1055.014","technique_id":"f060dcca-e7d2-4711-b5d1-41cffcb731b0","owner_id":null},{"id":"3f8a5e06-91fc-4d4d-b159-6ac80ae63e30","name":"Emond","source":"MITRE","technique_attack_id":"T1546.014","technique_id":"7f9dbafd-4c7e-4bd9-8aff-c2a800743a07","owner_id":null},{"id":"5ad0321b-da6a-4816-9208-b085e2b9e8e4","name":"Services File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.010","technique_id":"bd569ff9-c038-48c0-83d0-f5c784b439bc","owner_id":null},{"id":"8ff12131-94c5-422d-8079-31c707cb2735","name":"Registry Run Keys / Startup Folder","source":"MITRE","technique_attack_id":"T1547.001","technique_id":"0ca28cc0-89d0-4680-baef-94d7202c6a9b","owner_id":null},{"id":"28056982-6094-4e54-af2b-28c7f9857b83","name":"KernelCallbackTable","source":"MITRE","technique_attack_id":"T1574.013","technique_id":"68ffdbed-08d8-46a2-a833-984bbf0d9b4a","owner_id":null},{"id":"c0daff8a-a71e-42aa-915e-49e7df2851d3","name":"Systemd Timers","source":"MITRE","technique_attack_id":"T1053.006","technique_id":"8cc9e419-607e-4d2a-91d9-d47022e02bea","owner_id":null},{"id":"63b7d216-caa9-444f-859b-be871399a6b6","name":"Hijack Execution Flow","source":"MITRE","technique_attack_id":"T1574","technique_id":"1085d0c6-4ff3-45f1-8e0c-d8f334f4ba68","owner_id":null},{"id":"a6cba565-3467-4127-b57d-2a4d42c0a22a","name":"Valid Accounts","source":"MITRE","technique_attack_id":"T1078","technique_id":"a9b7eb2f-63e7-41bc-9d77-f7c4cede5406","owner_id":null},{"id":"5adfb11c-94cc-46a0-bba5-5eead5dedc1d","name":"Process Hollowing","source":"MITRE","technique_attack_id":"T1055.012","technique_id":"77100337-67a1-4520-b25a-3ddd72b0d5ac","owner_id":null},{"id":"75819d89-90bf-4dac-af4e-c1676abc526e","name":"Exploitation for Privilege Escalation","source":"MITRE","technique_attack_id":"T1068","technique_id":"9cc715d7-9969-485f-87a2-c9f7ed3cc44c","owner_id":null},{"id":"50190683-1830-4d37-9a2d-e31f215cbe0b","name":"Event Triggered Execution","source":"MITRE","technique_attack_id":"T1546","technique_id":"e1e42979-d3cd-461b-afc4-a6373cbf97ba","owner_id":null},{"id":"5e5862c0-3244-4364-8c7c-084d7885b8ce","name":"Unix Shell Configuration Modification","source":"MITRE","technique_attack_id":"T1546.004","technique_id":"cc5ae19f-981d-4004-bb74-260b8ebad73a","owner_id":null},{"id":"492af5bd-fee5-42b6-a1b4-95aa3aba8039","name":"SID-History Injection","source":"MITRE","technique_attack_id":"T1134.005","technique_id":"dcb323f0-0fe6-4e26-9039-4f26f10cd3a5","owner_id":null},{"id":"2eea4b10-b8cc-4dc2-a1bd-a60415e08410","name":"Elevated Execution with Prompt","source":"MITRE","technique_attack_id":"T1548.004","technique_id":"fd6b86c5-535b-4532-a6d8-a57a6fb04c18","owner_id":null},{"id":"a4afa331-65ea-4c61-b218-3311e994d15f","name":"Authentication Package","source":"MITRE","technique_attack_id":"T1547.002","technique_id":"7ede5868-1109-4f22-abc7-9495658f7866","owner_id":null},{"id":"3c18c055-f46b-4d00-a55d-980c831275d2","name":"Component Object Model Hijacking","source":"MITRE","technique_attack_id":"T1546.015","technique_id":"3e1ef5ba-6426-4fe0-ad48-78557667d680","owner_id":null},{"id":"2e449782-8e78-4d2c-a88e-a29c5af2a83a","name":"Path Interception by Unquoted Path","source":"MITRE","technique_attack_id":"T1574.009","technique_id":"08188de6-22c8-42af-b01c-f1c250c22514","owner_id":null},{"id":"1c397f0d-602c-4e31-b47b-8ea7065dfa74","name":"Startup Items","source":"MITRE","technique_attack_id":"T1037.005","technique_id":"3d52cd7c-d81b-4762-9749-612bbbccb415","owner_id":null},{"id":"717cd6c4-8bcf-475e-97d6-08ccac70b4e7","name":"Domain Accounts","source":"MITRE","technique_attack_id":"T1078.002","technique_id":"74b99029-3f0a-4cc8-90d6-5a6b177c06eb","owner_id":null},{"id":"f9113255-d2ad-45c1-8c34-9d219a16ecd3","name":"Network Logon Script","source":"MITRE","technique_attack_id":"T1037.003","technique_id":"3701f955-596b-422e-9fce-09c4f49cf080","owner_id":null},{"id":"ed5c73e6-7296-47a6-8210-db7eff2bd88f","name":"AppInit DLLs","source":"MITRE","technique_attack_id":"T1546.010","technique_id":"36b58363-ca6a-4614-bf6f-bfaecafedb5f","owner_id":null},{"id":"a2565122-ce69-4b16-a381-94080fe9b6e0","name":"Screensaver","source":"MITRE","technique_attack_id":"T1546.002","technique_id":"3f9cd334-0b86-478f-97fa-c3aedd8035d8","owner_id":null},{"id":"febccbfe-b977-4789-87aa-e3f092f162fb","name":"Launch Agent","source":"MITRE","technique_attack_id":"T1543.001","technique_id":"6dbe030c-5f87-4b45-9b6b-5bba2c0fad00","owner_id":null},{"id":"4117229b-d32d-46fb-923d-530fb4776efe","name":"Proc Memory","source":"MITRE","technique_attack_id":"T1055.009","technique_id":"7360117a-3404-48d0-9d4b-7f6a61c08f0e","owner_id":null},{"id":"52166ad8-3c18-48b5-84cf-593949d57da3","name":"Installer Packages","source":"MITRE","technique_attack_id":"T1546.016","technique_id":"8b8c0f91-17fb-41fe-905c-9cbf45593877","owner_id":null},{"id":"8f6958b6-1c04-4b29-b496-29b2e3bcb09d","name":"RC Scripts","source":"MITRE","technique_attack_id":"T1037.004","technique_id":"46ef0f74-b028-4b35-8980-bed066feb60c","owner_id":null},{"id":"8cfc19ff-4208-4ecd-a6d4-25c4b5eb7d67","name":"Access Token Manipulation","source":"MITRE","technique_attack_id":"T1134","technique_id":"1423e8c1-7cbf-4cfb-a70d-b6fe8e1a8041","owner_id":null},{"id":"f1069152-4191-4d22-9e79-90e7d90ee8fb","name":"Systemd Service","source":"MITRE","technique_attack_id":"T1543.002","technique_id":"7aae1ad0-fb1f-484a-a176-c94e4c7ada77","owner_id":null},{"id":"133c675e-5feb-4ebe-bdd2-a461942e0282","name":"XDG Autostart Entries","source":"MITRE","technique_attack_id":"T1547.013","technique_id":"45f107b6-ae8e-49d7-a3fc-ea6437fbac76","owner_id":null},{"id":"9290727c-236c-4d53-b270-a25df7c0f603","name":"Thread Local Storage","source":"MITRE","technique_attack_id":"T1055.005","technique_id":"24e0b530-cca7-4c5c-83b2-97b83c716e42","owner_id":null},{"id":"bcb4ef56-6bdb-4e14-82e3-2f4ed3579860","name":"Re-opened Applications","source":"MITRE","technique_attack_id":"T1547.007","technique_id":"9459a27a-b892-4864-9916-814130bea485","owner_id":null},{"id":"f5a2c017-0839-49d6-bda0-ad9fcc59db51","name":"Ptrace System Calls","source":"MITRE","technique_attack_id":"T1055.008","technique_id":"e200d4c9-2d9c-4303-a2de-86baae85c60f","owner_id":null},{"id":"96068ea2-f165-45eb-be99-c3686785d4b6","name":"Logon Script (Windows)","source":"MITRE","technique_attack_id":"T1037.001","technique_id":"b34ba0fd-493c-4e68-91c4-918f495ad07c","owner_id":null},{"id":"ac1fbf7d-0454-4712-b7b4-c2285978025f","name":"ListPlanting","source":"MITRE","technique_attack_id":"T1055.015","technique_id":"c262a10e-13db-4c47-995c-87201cdf858d","owner_id":null},{"id":"750ee49a-3cf5-4716-ab7b-20317976ba96","name":"Domain or Tenant Policy Modification","source":"MITRE","technique_attack_id":"T1484","technique_id":"d092a9e1-63d0-415d-8cd0-666a261be5d9","owner_id":null},{"id":"278a337e-1d70-459c-9336-e8eace2683d7","name":"LSASS Driver","source":"MITRE","technique_attack_id":"T1547.008","technique_id":"bce86020-2851-4b01-97a9-e51a6b23ea68","owner_id":null},{"id":"098d9c06-eac6-4149-bd66-fca0b338bb48","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1078.004","technique_id":"3c4a2f3a-5877-4a27-a417-76318523657e","owner_id":null},{"id":"aa7082a2-8fc2-45a4-9d27-c29fe7167f8e","name":"At","source":"MITRE","technique_attack_id":"T1053.002","technique_id":"6051e618-c476-41db-8b0b-0aef9d2bbbf7","owner_id":null},{"id":"1064ed8d-5a77-4f16-b435-b8ecb4b73f5c","name":"Dynamic-link Library Injection","source":"MITRE","technique_attack_id":"T1055.001","technique_id":"232bb95b-a267-4cc2-8eb1-67ecdd5babd5","owner_id":null},{"id":"7df8e9af-d9f2-4fb0-93b9-3ff65a3a711e","name":"Netsh Helper DLL","source":"MITRE","technique_attack_id":"T1546.007","technique_id":"b2cae050-4916-44c0-a6a3-3fa257145872","owner_id":null},{"id":"334f982d-33c4-4b20-8287-d5cce351c98c","name":"Dylib Hijacking","source":"MITRE","technique_attack_id":"T1574.004","technique_id":"6c8fa277-33c3-45b5-8f0d-9b1c0ccaf284","owner_id":null},{"id":"840af21f-5b55-4d5e-9c77-7e9d3d18a667","name":"Local Accounts","source":"MITRE","technique_attack_id":"T1078.003","technique_id":"d2a19fd8-ff9c-4f9e-9e84-ed3ea12c4b7c","owner_id":null},{"id":"8dac3cea-8573-419f-afe8-56e681940626","name":"COR_PROFILER","source":"MITRE","technique_attack_id":"T1574.012","technique_id":"110c385f-9f27-4fd6-837c-6261294073ab","owner_id":null},{"id":"8645ec1a-c64d-55ab-a900-fe4a336a210a","name":"Additional Local or Domain Groups","source":"MITRE","technique_attack_id":"T1098.007","technique_id":"25a957d5-0c89-52a1-b446-bf993e17631c","owner_id":null},{"id":"7024a67f-3463-5980-8274-53f621410587","name":"Python Startup Hooks","source":"MITRE","technique_attack_id":"T1546.018","technique_id":"7fd2ca2c-f5cb-5307-8fef-47914a43e2b8","owner_id":null},{"id":"2d088123-4fcf-56c8-82e4-18b1612d4448","name":"Udev Rules","source":"MITRE","technique_attack_id":"T1546.017","technique_id":"6823f994-6b4e-5170-ba2b-bd4bc6f0c452","owner_id":null},{"id":"8ede1bd3-3951-5e8d-89ae-c8b5b22e2060","name":"AppDomainManager","source":"MITRE","technique_attack_id":"T1574.014","technique_id":"3d6727cd-d297-51e9-a6a2-8718284bf8e5","owner_id":null},{"id":"0c1c28fb-ce6b-58b6-b093-8e3b8b405024","name":"Temporary Elevated Cloud Access","source":"MITRE","technique_attack_id":"T1548.005","technique_id":"448dc009-2d3f-5480-aba3-0d80dc4336cd","owner_id":null},{"id":"63a31217-2731-55bb-9044-28848447d5f2","name":"Device Registration","source":"MITRE","technique_attack_id":"T1098.005","technique_id":"34ffaa47-f591-4a44-bd7d-9790d81365cd","owner_id":null},{"id":"581c79ab-5437-5c9a-80af-ea1d70c3f318","name":"Additional Cloud Credentials","source":"MITRE","technique_attack_id":"T1098.001","technique_id":"0799f2ee-3a83-452e-9fa9-83e91d83be25","owner_id":null},{"id":"858f4556-0d38-5a21-a2c5-2cb2db0976ee","name":"Account Manipulation","source":"MITRE","technique_attack_id":"T1098","technique_id":"65f7482c-485b-4fd7-80f5-0ec6e923ac4d","owner_id":null},{"id":"1a9cb410-6556-5d8a-94e2-bd6d2a6a2c7c","name":"Additional Email Delegate Permissions","source":"MITRE","technique_attack_id":"T1098.002","technique_id":"15660958-1f4f-4136-8cda-82123fd38232","owner_id":null},{"id":"1027f3ea-b10d-50c8-8afa-9b7c9eaf6c45","name":"Container Service","source":"MITRE","technique_attack_id":"T1543.005","technique_id":"b9490b5f-645c-54a6-bf50-ad63540e6a07","owner_id":null},{"id":"6b213a34-a851-59a2-820d-b7ccedb11805","name":"TCC Manipulation","source":"MITRE","technique_attack_id":"T1548.006","technique_id":"769d2e67-5430-5fdd-9a07-d1b227110ec0","owner_id":null},{"id":"03311a47-544e-5348-8f06-f2b3869631dc","name":"Additional Cloud Roles","source":"MITRE","technique_attack_id":"T1098.003","technique_id":"71867386-ddc2-4cdb-a0c9-7c27172c23c1","owner_id":null},{"id":"3a9115b7-35cf-52dd-934a-14234bebbda1","name":"Additional Container Cluster Roles","source":"MITRE","technique_attack_id":"T1098.006","technique_id":"1169afd3-d80d-5942-b16f-8dc1812ef6bb","owner_id":null},{"id":"9e90426b-d56a-54ac-bab4-15ed6f2d2ddf","name":"SSH Authorized Keys","source":"MITRE","technique_attack_id":"T1098.004","technique_id":"4659b96f-0e8d-4480-966b-c75062645f14","owner_id":null}],"tags":[],"tidal_id":"7c7e2819-f86c-5641-bf83-addaac3c0244","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"8e29c6c9-0c10-4bb0-827d-ff0ab8922726","name":"Defense Evasion","description":"The adversary is trying to avoid being detected.\n\nDefense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses. ","ordinal_position":7,"source":"MITRE","tactic_attack_id":"TA0005","owner_name":null,"techniques":[{"id":"a0ce8023-3dda-4fc7-b581-c5e32492981e","name":"Uninstall Malicious Application","source":"Mobile","technique_attack_id":"T1630.001","technique_id":"19f6b43b-c857-579d-a111-576f70ee0667","owner_id":null},{"id":"de1e8ea6-4a3a-4d8f-a76d-0088aac1d3ed","name":"Indicator Removal on Host","source":"Mobile","technique_attack_id":"T1630","technique_id":"31f7cdf5-47c9-5726-ba42-ffc9f898bc0a","owner_id":null},{"id":"4067e358-d8a8-4143-98c5-a283b536a3d2","name":"Match Legitimate Name or Location","source":"Mobile","technique_attack_id":"T1655.001","technique_id":"95d6c1a1-133c-568e-8ed2-ab8503378ff8","owner_id":null},{"id":"cff57112-8af4-466d-8b3f-bd23717b70eb","name":"Ptrace System Calls","source":"Mobile","technique_attack_id":"T1631.001","technique_id":"9a067f23-bd06-5c83-b6eb-951f8ee1174a","owner_id":null},{"id":"72b18320-6e2a-4649-aff8-6c6bd247fbb6","name":"Impair Defenses","source":"Mobile","technique_attack_id":"T1629","technique_id":"c8d885df-f579-565d-a326-40cffebe3cb3","owner_id":null},{"id":"4548ec91-3f41-4ae1-8323-10b5daae9f68","name":"User Evasion","source":"Mobile","technique_attack_id":"T1628.002","technique_id":"1580c40c-c75f-510e-a5ac-0475c82cf3d8","owner_id":null},{"id":"2ee27a45-8a7a-4941-a542-3ef2637c768f","name":"Virtualization/Sandbox Evasion","source":"Mobile","technique_attack_id":"T1633","technique_id":"6c7ca2fb-3928-5b51-a4b9-0289ea66abd8","owner_id":null},{"id":"771ba609-15d3-463a-83e6-2c56d5462cd0","name":"Application Versioning","source":"Mobile","technique_attack_id":"T1661","technique_id":"98bb0216-1704-5f2d-8dc7-9b6361e8779a","owner_id":null},{"id":"921cf4b6-3eb7-4462-9e5e-4d3290564fbf","name":"Disable or Modify Tools","source":"Mobile","technique_attack_id":"T1629.003","technique_id":"5d4602ee-0dec-5f2e-8df0-e407377ae741","owner_id":null},{"id":"e45cddfd-efff-4bc9-b80b-df205b1b5591","name":"Execution Guardrails","source":"Mobile","technique_attack_id":"T1627","technique_id":"ff06425a-ffe2-528d-96db-a1584cbdddd0","owner_id":null},{"id":"7e5f5fcc-13cc-4b38-a7b2-9fd688ec24e7","name":"Software Packing","source":"Mobile","technique_attack_id":"T1406.002","technique_id":"193b7d4b-a70e-5424-99f5-0e5b328f2f63","owner_id":null},{"id":"d3d024df-48ca-4245-ac3b-f9da8bbeb3e6","name":"Native API","source":"Mobile","technique_attack_id":"T1575","technique_id":"bd3cc9d8-587d-5f60-9a21-e499859d6f08","owner_id":null},{"id":"761b3056-799e-4cdd-a2ef-486e6f96970d","name":"Proxy Through Victim","source":"Mobile","technique_attack_id":"T1604","technique_id":"976c1251-774b-5231-bebd-e9bd9e9a4653","owner_id":null},{"id":"1ce0b06a-be8d-41f0-8604-953acb19f9ee","name":"Foreground Persistence","source":"Mobile","technique_attack_id":"T1541","technique_id":"e0d84924-8d3d-5529-88af-030c55e6a4d8","owner_id":null},{"id":"eead0ff5-8d15-4764-a1d9-566ff267135d","name":"Download New Code at Runtime","source":"Mobile","technique_attack_id":"T1407","technique_id":"e8c36e6e-9418-57f8-afe1-653eb913b247","owner_id":null},{"id":"704f686f-fd51-478e-8847-f7eb8896e097","name":"System Checks","source":"Mobile","technique_attack_id":"T1633.001","technique_id":"f4eafc6b-811a-5dbc-9001-66820245e44b","owner_id":null},{"id":"c57233ad-24e3-4923-af96-d9e8d093d004","name":"Subvert Trust Controls","source":"Mobile","technique_attack_id":"T1632","technique_id":"8180f98b-aad7-559c-8bff-ab3ecb230553","owner_id":null},{"id":"898145c0-a131-4698-b7ff-356c705aa463","name":"Virtualization Solution","source":"Mobile","technique_attack_id":"T1670","technique_id":"4cff4da2-7211-537c-b2a7-5b6dcc9c9f04","owner_id":null},{"id":"3661a5f6-9e79-4ad9-a8ad-bd09e258c1d1","name":"Disguise Root/Jailbreak Indicators","source":"Mobile","technique_attack_id":"T1630.003","technique_id":"643b013f-c14f-5026-86a7-fd61679e830d","owner_id":null},{"id":"2ab66422-1f23-4250-b651-fd65a9249ce4","name":"File Deletion","source":"Mobile","technique_attack_id":"T1630.002","technique_id":"331b94ea-756c-55d2-8ab1-6f967c96114f","owner_id":null},{"id":"45fee40c-d2b3-4d5a-a76b-54743247ad9b","name":"Device Lockout","source":"Mobile","technique_attack_id":"T1629.002","technique_id":"4a416636-e04d-5863-93f0-07e8fd26c5c8","owner_id":null},{"id":"f802f31c-6e69-42e4-b131-34b5c169a548","name":"Process Injection","source":"Mobile","technique_attack_id":"T1631","technique_id":"952c95c9-67ee-5915-90e6-018c50495bf7","owner_id":null},{"id":"be320f44-b3bb-4e57-a1a3-6338ef5be064","name":"Hooking","source":"Mobile","technique_attack_id":"T1617","technique_id":"084e8e81-12a1-5ca7-bd83-b594b13f47f7","owner_id":null},{"id":"b1028c45-aa6c-4a8a-820a-f6b4927e7647","name":"Obfuscated Files or Information","source":"Mobile","technique_attack_id":"T1406","technique_id":"e790f3ef-f6ca-508e-8788-d9b16e423752","owner_id":null},{"id":"2be623ac-3581-45dd-8f31-09b21db00f3d","name":"Input Injection","source":"Mobile","technique_attack_id":"T1516","technique_id":"98787c96-3862-5311-986f-61916cc47fc7","owner_id":null},{"id":"82f994ab-fd3e-45d9-b9fc-4fe8a21058ad","name":"Prevent Application Removal","source":"Mobile","technique_attack_id":"T1629.001","technique_id":"742b157d-2be2-528b-b5d4-f0ac5482e675","owner_id":null},{"id":"18e6c2de-7606-4d44-9821-8aa2fbed48aa","name":"Geofencing","source":"Mobile","technique_attack_id":"T1627.001","technique_id":"12e2d0b9-6f1f-59e1-8c43-31452df5ed5f","owner_id":null},{"id":"179298c3-fd37-4960-a8c5-82a5ca93238c","name":"Conceal Multimedia Files","source":"Mobile","technique_attack_id":"T1628.003","technique_id":"cd66e4e4-05f1-5ced-a6dd-7f06b18b2cd6","owner_id":null},{"id":"fcbfa65d-3e05-439f-a9f0-b745da23d32c","name":"Suppress Application Icon","source":"Mobile","technique_attack_id":"T1628.001","technique_id":"85f17fba-df34-5686-9648-8d3de8911c82","owner_id":null},{"id":"e7c92f03-7a5d-4ac9-b510-35aa84936a73","name":"Masquerading","source":"Mobile","technique_attack_id":"T1655","technique_id":"4269b474-7598-5c03-b295-e1d7dcff1dbc","owner_id":null},{"id":"85dd03ad-2933-41e9-946c-1f7152038266","name":"Steganography","source":"Mobile","technique_attack_id":"T1406.001","technique_id":"bf1b062d-310c-5304-8589-235599a96d7e","owner_id":null},{"id":"f6c886ce-d4d2-403f-9fd3-5c7ef4f06663","name":"Hide Artifacts","source":"Mobile","technique_attack_id":"T1628","technique_id":"0b66cb67-aeaf-5ff6-9d96-11b4711179a1","owner_id":null},{"id":"701188b9-bacf-4ef2-8b44-bb6cab78790a","name":"Code Signing Policy Modification","source":"Mobile","technique_attack_id":"T1632.001","technique_id":"df1de8e2-7360-56f5-9843-86e299a713c8","owner_id":null},{"id":"9139ddd4-aa4c-452c-9341-cd47164e1e2b","name":"System Binary Proxy Execution","source":"ICS","technique_attack_id":"T0894","technique_id":"7c2d8e39-272a-5796-b1d1-5ea684e37aec","owner_id":null},{"id":"0cbb9825-0c38-4c13-9a39-987d45b2ba9c","name":"Change Operating Mode","source":"ICS","technique_attack_id":"T0858","technique_id":"643ccf55-08e2-5b7b-bb56-4b1866408556","owner_id":null},{"id":"3c20c53b-f8ff-4a12-a279-3d58bbdb5d53","name":"Rootkit","source":"ICS","technique_attack_id":"T0851","technique_id":"e6bf7b96-7e00-5428-ad50-2a077b796fa2","owner_id":null},{"id":"211c6d27-46b7-4bd2-a320-1b99016e7beb","name":"Indicator Removal on Host","source":"ICS","technique_attack_id":"T0872","technique_id":"ac927a69-811d-552b-8699-72931f6754be","owner_id":null},{"id":"88c862b4-66ab-43af-9738-41bc3eb80642","name":"Spoof Reporting Message","source":"ICS","technique_attack_id":"T0856","technique_id":"03dd6fa1-a50f-5f84-848a-0eba52aa0eca","owner_id":null},{"id":"2cccf0be-9ef8-4be8-afcf-ff2b1af28655","name":"Exploitation for Evasion","source":"ICS","technique_attack_id":"T0820","technique_id":"f5a4efc0-7637-55f6-a764-ed3de30d5f60","owner_id":null},{"id":"b445d59e-50ad-42a0-8eec-9670cb51bffa","name":"Masquerading","source":"ICS","technique_attack_id":"T0849","technique_id":"50b15c22-8c62-5d2f-b4c0-d630a7e95d7a","owner_id":null},{"id":"794c67b7-9dac-4fa6-8704-49a775c545bb","name":"Extra Window Memory Injection","source":"MITRE","technique_attack_id":"T1055.011","technique_id":"43d872bd-3d54-4ea3-bc89-a2f979db0d5a","owner_id":null},{"id":"e25c43ab-3ac2-4a17-be35-e7e75c4dabd9","name":"Socket Filters","source":"MITRE","technique_attack_id":"T1205.002","technique_id":"f0dd515b-51cf-4853-a20c-02226d099ee0","owner_id":null},{"id":"c975cdc0-3d35-4dbb-bd14-1660a84232f7","name":"Rundll32","source":"MITRE","technique_attack_id":"T1218.011","technique_id":"5652575d-cdb9-44ef-9c32-fff038f15444","owner_id":null},{"id":"cb93e7e7-ce54-4f99-a079-ede94a373064","name":"Pluggable Authentication Modules","source":"MITRE","technique_attack_id":"T1556.003","technique_id":"852748c2-280b-41e8-ba87-d97ec9fade70","owner_id":null},{"id":"71837a37-ce74-446f-9989-1f042580505d","name":"Revert Cloud Instance","source":"MITRE","technique_attack_id":"T1578.004","technique_id":"d1836637-e61d-42bb-9067-b325a201b7c7","owner_id":null},{"id":"5fd68ad2-edd5-4daa-b883-a5d93be7e9b7","name":"Linux and Mac File and Directory Permissions Modification","source":"MITRE","technique_attack_id":"T1222.002","technique_id":"5c6687f6-3539-4268-a6a4-2b98fdeac0fb","owner_id":null},{"id":"dd23cff8-cfec-41f5-8248-b330cb9191a0","name":"PubPrn","source":"MITRE","technique_attack_id":"T1216.001","technique_id":"f46405a6-b9a3-4124-8bce-5a786038f28f","owner_id":null},{"id":"93d987cf-b418-4c04-ae31-6646b647590c","name":"Path Interception by PATH Environment Variable","source":"MITRE","technique_attack_id":"T1574.007","technique_id":"0a4dd066-6a28-4dcb-ab3d-215fc01db9cb","owner_id":null},{"id":"ac3c87fc-6abe-4bd8-805a-802618469105","name":"Direct Volume Access","source":"MITRE","technique_attack_id":"T1006","technique_id":"447f1d32-31f7-44b5-834a-dcba8b038e7f","owner_id":null},{"id":"0192c8bb-14a5-43cf-bbac-4237f1683689","name":"Email Hiding Rules","source":"MITRE","technique_attack_id":"T1564.008","technique_id":"01505d46-8675-408d-881e-68f4d8743d47","owner_id":null},{"id":"25747dd9-23f1-4dac-bcee-275723e69114","name":"Rootkit","source":"MITRE","technique_attack_id":"T1014","technique_id":"cf2b56f6-3ebd-48ec-b9d9-835397acef89","owner_id":null},{"id":"840fc659-81eb-4d23-ae6c-71b596b8112b","name":"Double File Extension","source":"MITRE","technique_attack_id":"T1036.007","technique_id":"7ae6fae6-b816-416d-8701-1cb471218fd5","owner_id":null},{"id":"1478eca0-3f10-4c07-8dc0-488874a9a149","name":"Bypass User Account Control","source":"MITRE","technique_attack_id":"T1548.002","technique_id":"5e1499a1-f1ad-4929-84e1-5d33c371c02d","owner_id":null},{"id":"e97e2162-9313-4439-bc88-66f3a7aac997","name":"Sudo and Sudo Caching","source":"MITRE","technique_attack_id":"T1548.003","technique_id":"e082687f-d403-4246-987b-ad5f12911e4b","owner_id":null},{"id":"22468008-7f84-492f-94bc-58141bd8f34b","name":"Modify Cloud Compute Infrastructure","source":"MITRE","technique_attack_id":"T1578","technique_id":"46c78b63-d079-441e-abdd-c16b39d4bab3","owner_id":null},{"id":"6698173c-064c-460c-8a27-cafa20b8e1ef","name":"System Firmware","source":"MITRE","technique_attack_id":"T1542.001","technique_id":"4050dbda-5cb0-4bd6-8444-841e55611f3a","owner_id":null},{"id":"02a5a242-fb66-4bfb-9ed6-8d4c7ffe0495","name":"Services Registry Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.011","technique_id":"bc996f67-7cb7-4ba4-9156-4f2f8283d66d","owner_id":null},{"id":"1eb8aacb-d2c9-41cb-853b-f56144820f8c","name":"Bootkit","source":"MITRE","technique_attack_id":"T1542.003","technique_id":"032985de-5e09-4889-b8c4-84d940c6346c","owner_id":null},{"id":"4b3d81e6-3a5d-4a4d-adfe-d2e3703cb5c6","name":"Mavinject","source":"MITRE","technique_attack_id":"T1218.013","technique_id":"766dd13c-6ee1-41da-81cd-a22a27d68103","owner_id":null},{"id":"b07c9ba2-fcef-4424-8184-0403536bc804","name":"Match Legitimate Resource Name or Location","source":"MITRE","technique_attack_id":"T1036.005","technique_id":"442f60ed-5195-45c3-9d8c-7e17cabe7869","owner_id":null},{"id":"069b4ccb-a8e2-4c14-893a-cb49725729d3","name":"Weaken Encryption","source":"MITRE","technique_attack_id":"T1600","technique_id":"8cf19b3d-c9fa-4d71-a6ab-dc0e236e57d4","owner_id":null},{"id":"6fee77dc-4fe2-4b27-9548-7337c8391cd3","name":"Hide Artifacts","source":"MITRE","technique_attack_id":"T1564","technique_id":"f37f0cd5-0446-415f-9309-94e25aa1165d","owner_id":null},{"id":"1729edd9-da18-48a2-8ff4-4aa94dfb6c35","name":"Trust Modification","source":"MITRE","technique_attack_id":"T1484.002","technique_id":"f534b0a6-4445-409a-889c-6c3ac34656f1","owner_id":null},{"id":"4c1b170a-bfb0-4f2c-ae66-c4c731078ae9","name":"Safe Mode Boot","source":"MITRE","technique_attack_id":"T1562.009","technique_id":"e6549d57-de83-4fee-96f1-2c4a1cdb654f","owner_id":null},{"id":"74cc44c7-52a0-4c9e-94dc-2d1e87e51952","name":"TFTP Boot","source":"MITRE","technique_attack_id":"T1542.005","technique_id":"6f2186f3-c798-46e8-a26f-ae033822837b","owner_id":null},{"id":"a2f428cf-4a4d-4da4-83fb-a22e2f895a1c","name":"System Checks","source":"MITRE","technique_attack_id":"T1497.001","technique_id":"026c9281-07f1-4358-96d3-151fed76b1fe","owner_id":null},{"id":"3970c72b-2ed3-4ec4-8694-618fc979f050","name":"Embedded Payloads","source":"MITRE","technique_attack_id":"T1027.009","technique_id":"81564f1d-9c72-4d03-8561-b0d255f76c5f","owner_id":null},{"id":"d10b3c9a-ec8c-4468-a713-f768cc0a3fe7","name":"Clear Linux or Mac System Logs","source":"MITRE","technique_attack_id":"T1070.002","technique_id":"2f32c30e-b79a-497a-b05f-ab8bd93aa689","owner_id":null},{"id":"807c6564-e78d-4e3e-8b23-df877ecd4ebd","name":"InstallUtil","source":"MITRE","technique_attack_id":"T1218.004","technique_id":"9ca43902-5632-43e9-9dc1-84a8eafe44bd","owner_id":null},{"id":"1c20e9b0-8ed9-487b-a5dd-99c44223e0a9","name":"Stripped Payloads","source":"MITRE","technique_attack_id":"T1027.008","technique_id":"018381a5-df0a-4636-9df2-294101fb2092","owner_id":null},{"id":"35a71d53-89d6-4300-af7f-54d571f9e802","name":"DLL","source":"MITRE","technique_attack_id":"T1574.001","technique_id":"69cd62f8-b729-4a05-8351-5bb961f7c6d6","owner_id":null},{"id":"4428914c-d243-4db1-9964-fca0dbdc1bb0","name":"Gatekeeper Bypass","source":"MITRE","technique_attack_id":"T1553.001","technique_id":"e558aca4-3db1-42a0-bec2-bb9823852b49","owner_id":null},{"id":"08ebd421-1c07-4925-ab24-95370ac39fc6","name":"Code Signing","source":"MITRE","technique_attack_id":"T1553.002","technique_id":"9449c0d5-7445-45e0-9861-7aafd6531733","owner_id":null},{"id":"4c8e14c9-8817-4541-ba85-5ef5c853ef82","name":"Windows File and Directory Permissions Modification","source":"MITRE","technique_attack_id":"T1222.001","technique_id":"9d36254c-e568-4c03-8688-e6eed5f7510c","owner_id":null},{"id":"83ba969e-b129-4ddb-b8b6-6689517e3872","name":"Msiexec","source":"MITRE","technique_attack_id":"T1218.007","technique_id":"95ea2f53-b6c8-4f85-a3f7-528eeadd3c48","owner_id":null},{"id":"962dbe82-1ecd-4065-9896-d9e00dea920c","name":"Password Filter DLL","source":"MITRE","technique_attack_id":"T1556.002","technique_id":"cd65b0f4-a2a4-4291-aff2-1c65cf68cf6c","owner_id":null},{"id":"145fa494-5b7d-4118-8d5f-0825564f39fa","name":"Clear Network Connection History and Configurations","source":"MITRE","technique_attack_id":"T1070.007","technique_id":"39d589f9-fa73-4988-95e2-2a022851d8b8","owner_id":null},{"id":"77d9dc6d-fb5e-42de-a7f1-905d8fb5c138","name":"Reduce Key Space","source":"MITRE","technique_attack_id":"T1600.001","technique_id":"aa6595d5-1b2e-45a8-8caf-b0968aeab2ba","owner_id":null},{"id":"53016f7a-58f5-4130-9e04-6e62fb7193cb","name":"Clear Command History","source":"MITRE","technique_attack_id":"T1070.003","technique_id":"074cf118-cd7f-41c2-bb54-43380bfa45ca","owner_id":null},{"id":"b5d03d33-ad22-4b49-ba32-bedfb1efc17b","name":"Indirect Command Execution","source":"MITRE","technique_attack_id":"T1202","technique_id":"91e79eb9-7f99-4890-8bef-9543d307206d","owner_id":null},{"id":"59a8127d-a370-4382-9019-ce2d3e07fac2","name":"Deobfuscate/Decode Files or Information","source":"MITRE","technique_attack_id":"T1140","technique_id":"88c2fb46-877a-4005-8425-7639d0da1920","owner_id":null},{"id":"59463dd2-269f-45b4-bd48-d5f10cbb36aa","name":"Impair Defenses","source":"MITRE","technique_attack_id":"T1562","technique_id":"e3be3d76-0a36-4060-8003-3b39c557f728","owner_id":null},{"id":"3d57dd93-3302-4d24-9248-5e207ecfff78","name":"Thread Execution Hijacking","source":"MITRE","technique_attack_id":"T1055.003","technique_id":"8e332106-dd58-4adc-927d-57d038af797c","owner_id":null},{"id":"41cd10c1-b3c5-4874-8e22-9526efea6c21","name":"Masquerading","source":"MITRE","technique_attack_id":"T1036","technique_id":"a0adacc1-8d2a-4e0b-92c1-3766264df4fd","owner_id":null},{"id":"96e427c0-73ba-493b-b2a4-2feb5bc4611b","name":"Clear Mailbox Data","source":"MITRE","technique_attack_id":"T1070.008","technique_id":"64fd8f4d-5725-46c8-a37a-020a706db1e4","owner_id":null},{"id":"3fee02f0-3067-4944-bae2-62c746606d79","name":"Process Injection","source":"MITRE","technique_attack_id":"T1055","technique_id":"7a6208ac-c75e-4e73-8969-0aaf6085cb6e","owner_id":null},{"id":"d0177214-ee61-4406-a479-b7d04bcdc4d3","name":"Traffic Signaling","source":"MITRE","technique_attack_id":"T1205","technique_id":"c2cf211a-9676-4922-a386-69697ab4934a","owner_id":null},{"id":"9f4f2408-96ba-47cc-b607-904d90ccfab4","name":"System Binary Proxy Execution","source":"MITRE","technique_attack_id":"T1218","technique_id":"4060ad55-7ff1-4127-acad-808b2bc77655","owner_id":null},{"id":"c37cbc07-e2ef-4737-9042-11452e395a10","name":"Timestomp","source":"MITRE","technique_attack_id":"T1070.006","technique_id":"e8866e77-f0ca-4a19-b83e-d33dbafaf21b","owner_id":null},{"id":"2df57811-ab01-4d3a-96c5-64958c0da246","name":"Reflective Code Loading","source":"MITRE","technique_attack_id":"T1620","technique_id":"ef85800b-080d-4739-9f3b-91b61314a93e","owner_id":null},{"id":"3bf90bb3-e008-47af-bbc7-62289961773b","name":"Time Based Checks","source":"MITRE","technique_attack_id":"T1497.003","technique_id":"0ca01a9e-571e-4b17-a84d-23e9ce39b073","owner_id":null},{"id":"1c9b6987-c2ed-460c-9017-bb3386de9e47","name":"CMSTP","source":"MITRE","technique_attack_id":"T1218.003","technique_id":"581c5073-4236-4c45-b8fc-37ae2dfbb65f","owner_id":null},{"id":"ed6706f2-5b55-4002-9bee-7509c463dba9","name":"Disable Windows Event Logging","source":"MITRE","technique_attack_id":"T1562.002","technique_id":"97918962-6509-4369-b2b5-5d02681c6700","owner_id":null},{"id":"ae1d4308-b0d3-4706-a499-fb7787202f52","name":"Control Panel","source":"MITRE","technique_attack_id":"T1218.002","technique_id":"b5cc9ab3-6501-4c50-904e-1a25a4088125","owner_id":null},{"id":"b246a40d-08e4-4214-8d39-e40180fca0b7","name":"Network Address Translation Traversal","source":"MITRE","technique_attack_id":"T1599.001","technique_id":"06f738c0-fbab-4d14-83ad-56240c8f35ac","owner_id":null},{"id":"92401498-8f44-46f3-88b1-0dd06b51d22e","name":"Use Alternate Authentication Material","source":"MITRE","technique_attack_id":"T1550","technique_id":"28f65214-95c1-4a72-b385-0b32cbcaea8f","owner_id":null},{"id":"7797d31c-a7d8-4e48-a43d-3240373c4410","name":"Disable or Modify System Firewall","source":"MITRE","technique_attack_id":"T1562.004","technique_id":"4f7d0afb-92ce-429b-9ef5-dc6a7fc4f4a8","owner_id":null},{"id":"755fbc52-6f1e-48f7-810a-f726b9ce6d70","name":"SIP and Trust Provider Hijacking","source":"MITRE","technique_attack_id":"T1553.003","technique_id":"62e5e1c5-4fee-4f05-9dd4-a6dc306a46b1","owner_id":null},{"id":"dca7c00c-8227-43fb-ac7b-10823bd24182","name":"Hybrid Identity","source":"MITRE","technique_attack_id":"T1556.007","technique_id":"b0a1ef13-0c54-47e8-a220-7543ba41a327","owner_id":null},{"id":"ed7c3088-c71f-4961-ba7a-3b97e1da0af2","name":"Rogue Domain Controller","source":"MITRE","technique_attack_id":"T1207","technique_id":"c5eb5b88-6c62-4900-9b14-c4d67d420002","owner_id":null},{"id":"616b1b75-de3d-4132-8763-95ed24846722","name":"Code Signing Policy Modification","source":"MITRE","technique_attack_id":"T1553.006","technique_id":"c26e1b28-89c9-4083-9f94-022c891bf60c","owner_id":null},{"id":"d9fd80fb-cb82-4dbb-ac26-0770ea5fce61","name":"Deploy Container","source":"MITRE","technique_attack_id":"T1610","technique_id":"2618638c-f6bd-4840-a297-c45076e094a9","owner_id":null},{"id":"22215ca6-8bf4-43a7-b77d-c8e04d228d87","name":"Modify Registry","source":"MITRE","technique_attack_id":"T1112","technique_id":"0dfeab84-3c42-4b56-9021-70fe5be4092b","owner_id":null},{"id":"6a502389-6a66-40f7-b79e-6df5325d5537","name":"Path Interception by Search Order Hijacking","source":"MITRE","technique_attack_id":"T1574.008","technique_id":"0df21d65-c885-415a-8f91-477ae1b37839","owner_id":null},{"id":"7fc89c72-b4bb-4525-9885-9e479380210b","name":"Unused/Unsupported Cloud Regions","source":"MITRE","technique_attack_id":"T1535","technique_id":"edf9f7d7-bc14-4e25-800d-f508acb580d4","owner_id":null},{"id":"afe04e7d-aa32-4e99-9eed-f4475e3f0f11","name":"Binary Padding","source":"MITRE","technique_attack_id":"T1027.001","technique_id":"8352a63b-7450-4946-93c9-b7434935d794","owner_id":null},{"id":"5ecad5a7-9600-457f-bf8f-278a1c4dcf14","name":"Group Policy Modification","source":"MITRE","technique_attack_id":"T1484.001","technique_id":"7c9035b8-ad4b-4441-be2b-823d86b54fac","owner_id":null},{"id":"fde4622f-dafe-4ed7-b319-8abec16499ce","name":"Default Accounts","source":"MITRE","technique_attack_id":"T1078.001","technique_id":"6c55cf9c-0259-4ba0-9574-e90f6c88e6fd","owner_id":null},{"id":"6348f364-1268-4c4a-877c-6d0a37c339dd","name":"Clear Windows Event Logs","source":"MITRE","technique_attack_id":"T1070.001","technique_id":"fc34e661-55c3-47be-a368-c2f5776cdd17","owner_id":null},{"id":"9c2d001a-d63b-4e00-8d01-25ba75baa600","name":"File and Directory Permissions Modification","source":"MITRE","technique_attack_id":"T1222","technique_id":"cb2e4822-2529-4216-b5b8-75158c5f85ff","owner_id":null},{"id":"4c513101-123a-4a29-8bbe-51bb06987bf9","name":"Abuse Elevation Control Mechanism","source":"MITRE","technique_attack_id":"T1548","technique_id":"ac7d9875-d18b-48f6-93e6-47c565f9526b","owner_id":null},{"id":"7d92a68a-3ae5-4d7a-a23f-007f36041171","name":"Create Process with Token","source":"MITRE","technique_attack_id":"T1134.002","technique_id":"ef0e0599-6543-499d-8409-ef449da5c38a","owner_id":null},{"id":"1a55bb8d-3b75-43b3-9dbe-30d27dbdb4a0","name":"Setuid and Setgid","source":"MITRE","technique_attack_id":"T1548.001","technique_id":"e939bc27-a2cc-4278-be9b-a794c34aacbc","owner_id":null},{"id":"c9541593-789f-4238-8eb2-c7853b6fb0cb","name":"Odbcconf","source":"MITRE","technique_attack_id":"T1218.008","technique_id":"ba8d0fed-e500-4060-9d31-277b7e4411fb","owner_id":null},{"id":"a723adc7-4cd9-42bd-9572-d32b11e6c8aa","name":"Process Doppelgänging","source":"MITRE","technique_attack_id":"T1055.013","technique_id":"5b841b56-6b47-4cec-bf80-71a9a51fa7a0","owner_id":null},{"id":"c4a63aba-2386-4db5-b401-548be3027aca","name":"Delete Cloud Instance","source":"MITRE","technique_attack_id":"T1578.003","technique_id":"d7c90fc2-b7df-4e83-96af-9cf1c428ffa3","owner_id":null},{"id":"9bb0709e-3132-4f68-95bc-1459a57014a2","name":"Executable Installer File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.005","technique_id":"1f6a471d-49c6-4150-b213-2422d5fd3f26","owner_id":null},{"id":"30088832-98cb-4a06-b03d-007c954aa11d","name":"Indicator Blocking","source":"MITRE","technique_attack_id":"T1562.006","technique_id":"154dccf2-21fa-4aee-99cc-d959d841f8b1","owner_id":null},{"id":"f7633c34-ff7a-4a62-a23e-29c275082a77","name":"Disable or Modify Cloud Firewall","source":"MITRE","technique_attack_id":"T1562.007","technique_id":"ccb72576-4e85-4c7b-89b8-fa67cc6cdbef","owner_id":null},{"id":"c4e5cd12-1aef-42db-89a1-446324002de1","name":"Right-to-Left Override","source":"MITRE","technique_attack_id":"T1036.002","technique_id":"495604b5-f74f-4224-9c3c-f8aacf8aef51","owner_id":null},{"id":"211feea8-30f3-4942-853d-9ad6f3fa32fc","name":"Component Firmware","source":"MITRE","technique_attack_id":"T1542.002","technique_id":"764041d4-ff10-45d0-b42e-2f23ca334740","owner_id":null},{"id":"5260c466-cc6d-4e4f-ad70-75e86c7032b3","name":"Indicator Removal","source":"MITRE","technique_attack_id":"T1070","technique_id":"fa1507f1-c763-4af1-8bd9-a2fb8f7904be","owner_id":null},{"id":"43280531-d522-4f5b-be22-93bcfc43521f","name":"Pass the Ticket","source":"MITRE","technique_attack_id":"T1550.003","technique_id":"5e771f38-6286-4330-b7b4-38071ad6b68a","owner_id":null},{"id":"b4d73789-2db6-42ad-8f84-0be4ff91403e","name":"Masquerade Task or Service","source":"MITRE","technique_attack_id":"T1036.004","technique_id":"86c2f355-3c97-44c1-9a83-e3d016f50535","owner_id":null},{"id":"899d8ba1-455a-4b59-86ab-c75f5ed0b896","name":"Asynchronous Procedure Call","source":"MITRE","technique_attack_id":"T1055.004","technique_id":"abccbb2a-2ea8-43b8-95dc-c583df300c07","owner_id":null},{"id":"fd545dc1-605e-4129-8767-016cce36a8fd","name":"Plist File Modification","source":"MITRE","technique_attack_id":"T1647","technique_id":"ee177ad0-d282-42c0-91f9-7bcf724e3d31","owner_id":null},{"id":"3bc5a1db-d6e6-4617-8dfe-c8a1eab21d67","name":"Mark-of-the-Web Bypass","source":"MITRE","technique_attack_id":"T1553.005","technique_id":"7ee64e42-6d3b-47f8-a2a9-55263537bd51","owner_id":null},{"id":"f2808d59-e95f-40f7-a8ce-2444e43b2f7e","name":"Disable Crypto Hardware","source":"MITRE","technique_attack_id":"T1600.002","technique_id":"f413afa2-406d-4e8e-a12c-5f1b8ef05d8a","owner_id":null},{"id":"5c077a98-c676-45ac-bfd6-50790b082b65","name":"Pre-OS Boot","source":"MITRE","technique_attack_id":"T1542","technique_id":"33cd26b0-0248-4ee2-97a6-aab6a79824af","owner_id":null},{"id":"2a36ef81-75f6-4c5d-b5b8-15ec41257616","name":"Build Image on Host","source":"MITRE","technique_attack_id":"T1612","technique_id":"49749e13-48ed-49fc-82d1-13ae13b457c1","owner_id":null},{"id":"10d5adcd-08ce-5779-acc1-e87887a2774e","name":"Modify Cloud Resource Hierarchy","source":"MITRE","technique_attack_id":"T1666","technique_id":"fbc49122-feae-52bf-9b96-93594cb5a01d","owner_id":null},{"id":"af160a3a-9a92-41ac-9ad9-38ee471e24c6","name":"Dynamic Linker Hijacking","source":"MITRE","technique_attack_id":"T1574.006","technique_id":"b0d884c3-cf87-4610-992d-4ec54c667759","owner_id":null},{"id":"ea033b29-9b52-4862-b457-441b6dd12c90","name":"Portable Executable Injection","source":"MITRE","technique_attack_id":"T1055.002","technique_id":"2afcdcd1-ce55-4837-a84d-8279bc10f948","owner_id":null},{"id":"ea4a4a70-ecef-4f53-b7f9-a1ae4c7383ae","name":"Verclsid","source":"MITRE","technique_attack_id":"T1218.012","technique_id":"e8eb0242-9972-4c8b-af89-7731065d79f8","owner_id":null},{"id":"5fd51019-5e1d-41ee-85e0-51acc637a30d","name":"Downgrade Attack","source":"MITRE","technique_attack_id":"T1562.010","technique_id":"257fffe4-d17b-4e63-a41c-8388936d6215","owner_id":null},{"id":"85d59706-74cb-46d7-8f3e-22df4e0edb4b","name":"Virtualization/Sandbox Evasion","source":"MITRE","technique_attack_id":"T1497","technique_id":"63baf71d-f46f-4ac8-a3a6-8345ddd2f7a8","owner_id":null},{"id":"9b89d6b7-44b3-4366-9f72-00d6e9a2cf83","name":"Mshta","source":"MITRE","technique_attack_id":"T1218.005","technique_id":"d54c50df-3cb8-4fff-86c4-ae5be57937ad","owner_id":null},{"id":"6002e0d4-2027-42e3-9f9e-f5cb79329996","name":"Execution Guardrails","source":"MITRE","technique_attack_id":"T1480","technique_id":"aca9cbac-5c11-4050-8d9c-2a947c89a1e8","owner_id":null},{"id":"9f9bcb25-e33b-4ffc-9ca6-e63c307f1aff","name":"Token Impersonation/Theft","source":"MITRE","technique_attack_id":"T1134.001","technique_id":"ab823cbf-0238-4347-a191-a90d84b978f7","owner_id":null},{"id":"44a0043c-ae3c-4841-8dc7-ae10fc56994d","name":"Compile After Delivery","source":"MITRE","technique_attack_id":"T1027.004","technique_id":"bd52a415-2b7a-4048-84bf-b20f385b357e","owner_id":null},{"id":"05537170-0a5b-4d91-87fb-2d8692827d62","name":"Port Knocking","source":"MITRE","technique_attack_id":"T1205.001","technique_id":"34a112db-c61d-4ea2-872f-de3fc1af87a3","owner_id":null},{"id":"37fc0cdd-d5a4-4a80-b2d7-c63a01f3a0e1","name":"Hidden Users","source":"MITRE","technique_attack_id":"T1564.002","technique_id":"487916b2-99f6-40cd-8529-5a81d2f199db","owner_id":null},{"id":"f8b43f38-24d4-42a5-abb9-573b92e3bede","name":"Make and Impersonate Token","source":"MITRE","technique_attack_id":"T1134.003","technique_id":"561da0ae-4ebc-4356-a954-338249cac31a","owner_id":null},{"id":"dc84f358-bf9b-4277-a00a-a261d02ee501","name":"Impair Command History Logging","source":"MITRE","technique_attack_id":"T1562.003","technique_id":"fe8b3b28-41ad-405b-a2b8-9c10048550c2","owner_id":null},{"id":"efe7011c-aeb7-4cfe-bbf1-91cea79b8ebb","name":"User Activity Based Checks","source":"MITRE","technique_attack_id":"T1497.002","technique_id":"cb268bcf-3c2f-4583-94e3-7c9f0893e52f","owner_id":null},{"id":"0b43d47c-1ebd-45c0-a14d-2949983095e6","name":"Parent PID Spoofing","source":"MITRE","technique_attack_id":"T1134.004","technique_id":"449abc18-9faf-4ea6-a420-34528c28301d","owner_id":null},{"id":"156e8b8c-2506-4d85-8d2e-00f7d1e1959d","name":"VDSO Hijacking","source":"MITRE","technique_attack_id":"T1055.014","technique_id":"f060dcca-e7d2-4711-b5d1-41cffcb731b0","owner_id":null},{"id":"1c9ef046-9fcc-4591-818b-106a1a4ba3cb","name":"Services File Permissions Weakness","source":"MITRE","technique_attack_id":"T1574.010","technique_id":"bd569ff9-c038-48c0-83d0-f5c784b439bc","owner_id":null},{"id":"2b72c930-dceb-4f19-8fc1-489f3c716edc","name":"KernelCallbackTable","source":"MITRE","technique_attack_id":"T1574.013","technique_id":"68ffdbed-08d8-46a2-a833-984bbf0d9b4a","owner_id":null},{"id":"173a9b94-e572-4fce-9608-abd2ae587d1c","name":"ROMMONkit","source":"MITRE","technique_attack_id":"T1542.004","technique_id":"b9d60848-388e-444c-9f22-2267ea61b5e9","owner_id":null},{"id":"109197b9-0265-450c-9ce4-a44e44d10df3","name":"Compiled HTML File","source":"MITRE","technique_attack_id":"T1218.001","technique_id":"b5c7edc6-0cc7-4c57-b39f-3b0474433889","owner_id":null},{"id":"cdd53fc1-e1e8-4426-b8d1-25669ded80c0","name":"Network Share Connection Removal","source":"MITRE","technique_attack_id":"T1070.005","technique_id":"8325f2fd-35a3-4c0c-895d-7c82dd4ba2fb","owner_id":null},{"id":"c54891d8-c64c-4f79-a5eb-d72d9c096d75","name":"Disable or Modify Tools","source":"MITRE","technique_attack_id":"T1562.001","technique_id":"9f290216-b2ab-47b5-b9ae-a94ae6d357c6","owner_id":null},{"id":"9af787fd-18be-4a7c-9294-377affb9a172","name":"Modify System Image","source":"MITRE","technique_attack_id":"T1601","technique_id":"f435a5ff-78d2-44de-b464-2b5528f94adc","owner_id":null},{"id":"bca0dbce-29bb-4150-8154-61ab290d2878","name":"Hijack Execution Flow","source":"MITRE","technique_attack_id":"T1574","technique_id":"1085d0c6-4ff3-45f1-8e0c-d8f334f4ba68","owner_id":null},{"id":"05e1ed87-fb14-45cd-a9bf-c2950b32ea4f","name":"Indicator Removal from Tools","source":"MITRE","technique_attack_id":"T1027.005","technique_id":"2507fbbc-ea9e-4e18-9329-b728847d7462","owner_id":null},{"id":"089bf551-3cb2-4c70-a648-050ec0e9b99e","name":"Valid Accounts","source":"MITRE","technique_attack_id":"T1078","technique_id":"a9b7eb2f-63e7-41bc-9d77-f7c4cede5406","owner_id":null},{"id":"abb3f2b0-cc51-45fd-ad0a-9b97cd046405","name":"Process Hollowing","source":"MITRE","technique_attack_id":"T1055.012","technique_id":"77100337-67a1-4520-b25a-3ddd72b0d5ac","owner_id":null},{"id":"4a9ee1c5-99a8-4327-ae11-7defddafac43","name":"Resource Forking","source":"MITRE","technique_attack_id":"T1564.009","technique_id":"644d820e-6f64-4404-a861-cfa8b18b42a6","owner_id":null},{"id":"5b4c99d5-d050-4463-9bdd-ea8d3fb9313b","name":"Obfuscated Files or Information","source":"MITRE","technique_attack_id":"T1027","technique_id":"046cc07e-8700-4536-9c5b-6ecb384f52b0","owner_id":null},{"id":"7351443b-bd70-48cf-92b8-65a904a759a1","name":"Multi-Factor Authentication","source":"MITRE","technique_attack_id":"T1556.006","technique_id":"60498bb5-fcfb-4d85-bf3e-26c30c08fbda","owner_id":null},{"id":"b1564559-b894-4431-bde1-3c3006757d09","name":"Invalid Code Signature","source":"MITRE","technique_attack_id":"T1036.001","technique_id":"aa5a31d0-1b78-481d-a317-5089c1e111bf","owner_id":null},{"id":"3ff5e80e-73bb-4474-98e6-2a0e78b64168","name":"Run Virtual Instance","source":"MITRE","technique_attack_id":"T1564.006","technique_id":"7564b45e-55d9-4ffa-8e08-b08b0aa82182","owner_id":null},{"id":"cd54d91f-56b1-40ad-bcc9-82d9fa755687","name":"SID-History Injection","source":"MITRE","technique_attack_id":"T1134.005","technique_id":"dcb323f0-0fe6-4e26-9039-4f26f10cd3a5","owner_id":null},{"id":"8305f0fc-1aa6-47fe-b986-b0d181f913a9","name":"Network Boundary Bridging","source":"MITRE","technique_attack_id":"T1599","technique_id":"091282d8-ef05-487f-93aa-445efaeed71b","owner_id":null},{"id":"0aeda377-89f2-450c-868e-5103f1ea3146","name":"Subvert Trust Controls","source":"MITRE","technique_attack_id":"T1553","technique_id":"73a8b954-93fe-466c-b73d-bd35bb08c3e7","owner_id":null},{"id":"ca29bf57-ad32-4024-b633-9862e8c3932e","name":"Elevated Execution with Prompt","source":"MITRE","technique_attack_id":"T1548.004","technique_id":"fd6b86c5-535b-4532-a6d8-a57a6fb04c18","owner_id":null},{"id":"97a257af-9b1e-42a7-afc8-22090c5c8ebb","name":"Regsvr32","source":"MITRE","technique_attack_id":"T1218.010","technique_id":"b1da2b02-9ade-45e0-a795-ec1b19e5316a","owner_id":null},{"id":"d4bcb617-8837-46e0-adab-f05a60038875","name":"Rename Legitimate Utilities","source":"MITRE","technique_attack_id":"T1036.003","technique_id":"14fa2a80-c838-462d-8c34-5a98a31a65ca","owner_id":null},{"id":"2b880f5e-d9ae-483d-acde-998cab9e9041","name":"Path Interception by Unquoted Path","source":"MITRE","technique_attack_id":"T1574.009","technique_id":"08188de6-22c8-42af-b01c-f1c250c22514","owner_id":null},{"id":"f55abe84-2067-4176-b4ff-e47df3d26061","name":"Steganography","source":"MITRE","technique_attack_id":"T1027.003","technique_id":"f22d0738-dcb7-40c2-99cf-b426ac54224a","owner_id":null},{"id":"91f2900f-5479-4346-b129-e63837b9227d","name":"Web Session Cookie","source":"MITRE","technique_attack_id":"T1550.004","technique_id":"d36a5323-e249-44e8-9c8b-5cc9c023a5e1","owner_id":null},{"id":"a64b39d0-789b-4616-8389-5c4d65e77682","name":"Domain Accounts","source":"MITRE","technique_attack_id":"T1078.002","technique_id":"74b99029-3f0a-4cc8-90d6-5a6b177c06eb","owner_id":null},{"id":"760aab5d-37c7-42ce-bc04-5805f891688f","name":"Regsvcs/Regasm","source":"MITRE","technique_attack_id":"T1218.009","technique_id":"a54c7c35-b70d-42b2-aa9d-5ffd9f792fff","owner_id":null},{"id":"1265cd1e-bc1c-4ea0-863e-c179e424603e","name":"Install Root Certificate","source":"MITRE","technique_attack_id":"T1553.004","technique_id":"3a956db0-a3f0-442a-a981-db2ee20d60b2","owner_id":null},{"id":"ac5ca816-0600-4c9e-90ee-52329ad4b5f1","name":"VBA Stomping","source":"MITRE","technique_attack_id":"T1564.007","technique_id":"1e3d9e0a-6744-44e4-836d-1db38a4cc99c","owner_id":null},{"id":"93506804-42d9-47e1-b787-b4e02d115aa4","name":"BITS Jobs","source":"MITRE","technique_attack_id":"T1197","technique_id":"6b278e5d-7383-42a4-9425-2da79bbe43e0","owner_id":null},{"id":"2254c0d4-a6af-43bf-88ed-037057b0a6a3","name":"MSBuild","source":"MITRE","technique_attack_id":"T1127.001","technique_id":"4aa6466a-f7ca-4dae-b272-73ca23f0df8f","owner_id":null},{"id":"84ec55b4-426e-4a1b-901e-0a27c3df30ea","name":"Disable or Modify Cloud Logs","source":"MITRE","technique_attack_id":"T1562.008","technique_id":"6824cdb3-a4c5-45a8-a3d5-5a5afd347214","owner_id":null},{"id":"ecc1d14b-725c-4f37-bc38-60d1e5a80cbd","name":"Hidden Window","source":"MITRE","technique_attack_id":"T1564.003","technique_id":"5e8b76ce-b75f-449c-9d8f-573b1ffdb2bd","owner_id":null},{"id":"8a4791f2-24b2-460d-ae49-eaa250eb19f1","name":"Create Cloud Instance","source":"MITRE","technique_attack_id":"T1578.002","technique_id":"2ba8a662-6930-4cbe-9e3d-4cbe2109fd88","owner_id":null},{"id":"3e680ae7-fb7c-4e1e-b7ec-dacf38e4a589","name":"Proc Memory","source":"MITRE","technique_attack_id":"T1055.009","technique_id":"7360117a-3404-48d0-9d4b-7f6a61c08f0e","owner_id":null},{"id":"039eb2ba-2793-4f6f-a038-4682373ec9c3","name":"Patch System Image","source":"MITRE","technique_attack_id":"T1601.001","technique_id":"630a17c1-0176-4764-8f5c-a83f4f3e980f","owner_id":null},{"id":"378c6f6b-049d-4f71-bb5e-9a5400d948e0","name":"Clear Persistence","source":"MITRE","technique_attack_id":"T1070.009","technique_id":"e6dac24d-672c-4cae-82e7-2bf21014633c","owner_id":null},{"id":"464fca0f-608b-4395-ad63-08496a186611","name":"Domain Controller Authentication","source":"MITRE","technique_attack_id":"T1556.001","technique_id":"82d15799-9776-463e-9b87-a58d682cee55","owner_id":null},{"id":"70c3c1d5-7e93-4728-a85b-e1117a28226b","name":"HTML Smuggling","source":"MITRE","technique_attack_id":"T1027.006","technique_id":"f216978a-36c0-47f1-a4ad-5ef67c8ae72c","owner_id":null},{"id":"8c10ddfe-5b5a-4301-8d4f-92d1b73394b9","name":"Reversible Encryption","source":"MITRE","technique_attack_id":"T1556.005","technique_id":"9dc21246-3788-48d6-b6a1-f2a39ee38557","owner_id":null},{"id":"28383dab-2910-4d34-94e6-77433e69a2d5","name":"File Deletion","source":"MITRE","technique_attack_id":"T1070.004","technique_id":"d36695d0-e4ab-4b8a-9c65-bab3cc34ef2c","owner_id":null},{"id":"324ad88d-7399-4139-92dc-3d1c62abcfe0","name":"Template Injection","source":"MITRE","technique_attack_id":"T1221","technique_id":"02b8e7c1-0db7-43f5-a5bc-531b30395122","owner_id":null},{"id":"e8edc041-73c8-49c1-a58c-d347d5f17ca5","name":"Access Token Manipulation","source":"MITRE","technique_attack_id":"T1134","technique_id":"1423e8c1-7cbf-4cfb-a70d-b6fe8e1a8041","owner_id":null},{"id":"f5f8ee90-8f64-4b21-ae1b-1f4dba624f64","name":"Software Packing","source":"MITRE","technique_attack_id":"T1027.002","technique_id":"9ed5db23-3b2a-4a08-8602-bc8dff5c80f0","owner_id":null},{"id":"747c55fc-3e78-4fbf-a5e6-1798c8075367","name":"Hidden File System","source":"MITRE","technique_attack_id":"T1564.005","technique_id":"9e6268a5-a979-4219-b0ad-76094a9876c7","owner_id":null},{"id":"aadb7bd4-109a-4c20-9202-6798b8731d0f","name":"Thread Local Storage","source":"MITRE","technique_attack_id":"T1055.005","technique_id":"24e0b530-cca7-4c5c-83b2-97b83c716e42","owner_id":null},{"id":"bac4daad-e817-49e0-8f40-b09aa98c0bde","name":"Debugger Evasion","source":"MITRE","technique_attack_id":"T1622","technique_id":"945c1564-6c13-4baa-b1d4-6ba82e06a897","owner_id":null},{"id":"30d179d5-8490-4ea4-be6e-dec206e83678","name":"Space after Filename","source":"MITRE","technique_attack_id":"T1036.006","technique_id":"50dd9303-b6a5-417a-860e-26f4244ff580","owner_id":null},{"id":"9d307452-5f45-4662-8c6e-977c2075bdf8","name":"Pass the Hash","source":"MITRE","technique_attack_id":"T1550.002","technique_id":"33486e3e-1104-42d0-8053-34c8c9c4d10f","owner_id":null},{"id":"07b6469f-f476-583f-9057-1ef656cce603","name":"Mutual Exclusion","source":"MITRE","technique_attack_id":"T1480.002","technique_id":"81070f84-0835-5fdf-bcbb-4e16252dc2f0","owner_id":null},{"id":"a5bd553b-06a2-5fcd-9269-a8534018505e","name":"Polymorphic Code","source":"MITRE","technique_attack_id":"T1027.014","technique_id":"67a83337-b17a-5413-a506-d84306cc0dfb","owner_id":null},{"id":"1f54d045-c5a2-4257-96ec-04f33642066d","name":"Ptrace System Calls","source":"MITRE","technique_attack_id":"T1055.008","technique_id":"e200d4c9-2d9c-4303-a2de-86baae85c60f","owner_id":null},{"id":"ce24078c-5c36-423e-909d-c4364434757e","name":"Dynamic API Resolution","source":"MITRE","technique_attack_id":"T1027.007","technique_id":"9ef0ef16-b62c-4d09-b872-12c7e6adf2ed","owner_id":null},{"id":"d8a25ce9-32c5-49f1-a647-72e080e7f033","name":"ListPlanting","source":"MITRE","technique_attack_id":"T1055.015","technique_id":"c262a10e-13db-4c47-995c-87201cdf858d","owner_id":null},{"id":"4a771c5f-f5cc-434e-93ff-ad47fe90b621","name":"Domain or Tenant Policy Modification","source":"MITRE","technique_attack_id":"T1484","technique_id":"d092a9e1-63d0-415d-8cd0-666a261be5d9","owner_id":null},{"id":"1c14fa6d-94ba-4a5e-9326-ebfe8e06eafe","name":"XSL Script Processing","source":"MITRE","technique_attack_id":"T1220","technique_id":"4eb755e6-41f1-4c92-b14d-87a61a446258","owner_id":null},{"id":"dcef14f0-cd75-462d-9f30-005922fab1e6","name":"Hidden Files and Directories","source":"MITRE","technique_attack_id":"T1564.001","technique_id":"14e81a2d-9eca-429c-9fb9-08e109de9f6c","owner_id":null},{"id":"33ea8bd2-d803-4e1f-a259-9630099bbcc1","name":"Create Snapshot","source":"MITRE","technique_attack_id":"T1578.001","technique_id":"bcaf63dc-660a-40d4-ba28-fc113b34bf51","owner_id":null},{"id":"ba201fbd-e7e2-46b4-a29d-870840e9d9d2","name":"Application Access Token","source":"MITRE","technique_attack_id":"T1550.001","technique_id":"8592f37d-850a-43d1-86f2-cc981ad7d7dc","owner_id":null},{"id":"7c28927c-574d-444d-8463-c588db43b202","name":"Cloud Accounts","source":"MITRE","technique_attack_id":"T1078.004","technique_id":"3c4a2f3a-5877-4a27-a417-76318523657e","owner_id":null},{"id":"3977f2df-4131-44d6-835b-61955e28720f","name":"Environmental Keying","source":"MITRE","technique_attack_id":"T1480.001","technique_id":"ac10844f-e4ab-44a2-97b4-3d74a1fc046c","owner_id":null},{"id":"93936a7b-487f-4061-b041-da36c015268d","name":"NTFS File Attributes","source":"MITRE","technique_attack_id":"T1564.004","technique_id":"3b12e647-2bbd-4d84-9abe-401ad4230b6d","owner_id":null},{"id":"01743596-e8f5-4f52-903c-647db370e103","name":"Dynamic-link Library Injection","source":"MITRE","technique_attack_id":"T1055.001","technique_id":"232bb95b-a267-4cc2-8eb1-67ecdd5babd5","owner_id":null},{"id":"a0c5f231-7e17-485b-bed9-2e66a6d5cdf3","name":"Modify Authentication Process","source":"MITRE","technique_attack_id":"T1556","technique_id":"f516ecd7-a6a6-4018-8e58-c007be05bdce","owner_id":null},{"id":"fcf509d7-987c-471c-a95d-c19d401aea56","name":"System Script Proxy Execution","source":"MITRE","technique_attack_id":"T1216","technique_id":"e0d1825e-e46a-48f2-9b28-8346a39d39b0","owner_id":null},{"id":"056bace5-54f2-4ff4-958c-95cdcbe9bf29","name":"Network Device Authentication","source":"MITRE","technique_attack_id":"T1556.004","technique_id":"195aa08b-15fd-4019-b905-8f31bc5e2094","owner_id":null},{"id":"8ad3a28a-be47-4788-81ca-e0742ed26612","name":"Dylib Hijacking","source":"MITRE","technique_attack_id":"T1574.004","technique_id":"6c8fa277-33c3-45b5-8f0d-9b1c0ccaf284","owner_id":null},{"id":"5f0367cd-b330-421b-9e92-d052ba1c86a6","name":"Downgrade System Image","source":"MITRE","technique_attack_id":"T1601.002","technique_id":"49e3504a-e031-45a0-b816-1d3741a78c7f","owner_id":null},{"id":"e9b76c3f-e0ce-469a-b2ff-f3d3f2b871fc","name":"Local Accounts","source":"MITRE","technique_attack_id":"T1078.003","technique_id":"d2a19fd8-ff9c-4f9e-9e84-ed3ea12c4b7c","owner_id":null},{"id":"f1f3779d-1655-4d6c-8df4-2a859dd1d291","name":"Exploitation for Defense Evasion","source":"MITRE","technique_attack_id":"T1211","technique_id":"15b65bf2-dbe5-47bc-be09-ed97684bf391","owner_id":null},{"id":"ec55d725-fe2b-4e38-a2e3-1956d5014696","name":"Trusted Developer Utilities Proxy Execution","source":"MITRE","technique_attack_id":"T1127","technique_id":"8811114c-a0cf-479c-b95d-c036467749e3","owner_id":null},{"id":"fc983b23-534e-4e45-8ecb-7d62c11d41d0","name":"MMC","source":"MITRE","technique_attack_id":"T1218.014","technique_id":"43c2f853-cb52-4242-94e9-ec53743f3c05","owner_id":null},{"id":"0c750d1c-7e69-4299-836d-d63bc248340e","name":"Process Argument Spoofing","source":"MITRE","technique_attack_id":"T1564.010","technique_id":"f5732b2d-0548-4574-bcc8-59ceef24aeeb","owner_id":null},{"id":"aaa2612a-6c52-419d-b90a-182baf4e84b4","name":"COR_PROFILER","source":"MITRE","technique_attack_id":"T1574.012","technique_id":"110c385f-9f27-4fd6-837c-6261294073ab","owner_id":null},{"id":"2c3f4910-ebaa-5267-b765-a1282f2b910b","name":"ClickOnce","source":"MITRE","technique_attack_id":"T1127.002","technique_id":"967b85c4-cfa7-520c-819b-4f7e36562589","owner_id":null},{"id":"92089fe2-6f92-5d3d-bd91-e790016b6ad4","name":"Relocate Malware","source":"MITRE","technique_attack_id":"T1070.010","technique_id":"d9ee3cf6-5852-5896-851d-28f751f5bf3c","owner_id":null},{"id":"44c5aa23-1917-5481-834a-70090e93c05d","name":"Selective Exclusion","source":"MITRE","technique_attack_id":"T1679","technique_id":"13adf8f6-d778-5c78-a430-a311f8cac4b8","owner_id":null},{"id":"ef33fe33-a931-5ffa-ad77-4d35737eed03","name":"Disable or Modify Network Device Firewall","source":"MITRE","technique_attack_id":"T1562.013","technique_id":"d6b09cc1-6783-52b3-9292-8bcc94aa3efc","owner_id":null},{"id":"0b71a10b-c7a2-52e3-a7e1-68827d6af589","name":"Delay Execution","source":"MITRE","technique_attack_id":"T1678","technique_id":"a1d78139-0aef-5531-a9aa-92cc0430326e","owner_id":null},{"id":"afcdc1de-38a0-545a-a6f1-81618c0c9e46","name":"Browser Fingerprint","source":"MITRE","technique_attack_id":"T1036.012","technique_id":"157e2e38-a474-50ce-83c6-69aa75bbeece","owner_id":null},{"id":"56ae6cb1-39f9-5964-abd2-f6be65e83f69","name":"Masquerade Account Name","source":"MITRE","technique_attack_id":"T1036.010","technique_id":"3fee577e-dad0-53a5-9d58-6049cb5a70e5","owner_id":null},{"id":"14d614ec-890a-59eb-a193-3b730e26d607","name":"Overwrite Process Arguments","source":"MITRE","technique_attack_id":"T1036.011","technique_id":"c8888a55-8339-54ca-a645-d8b40a7ee1c9","owner_id":null},{"id":"67633fb6-b28b-59a7-b660-912f5402564c","name":"Bind Mounts","source":"MITRE","technique_attack_id":"T1564.013","technique_id":"933dede9-e193-52d7-bc8c-3d5af93541d6","owner_id":null},{"id":"0a736edb-d3bf-5e5f-90c7-99fcb6a4ce27","name":"Junk Code Insertion","source":"MITRE","technique_attack_id":"T1027.016","technique_id":"d3c97e67-d0a0-56c2-9b84-a179c5ace9ec","owner_id":null},{"id":"4d61058e-a1dd-5e0d-ae78-0e145f5602d1","name":"Extended Attributes","source":"MITRE","technique_attack_id":"T1564.014","technique_id":"3da73d1c-132a-5f80-8c7e-cbcae04b3e12","owner_id":null},{"id":"57a1c9bd-a863-5098-9066-e8dd3562f02e","name":"SVG Smuggling","source":"MITRE","technique_attack_id":"T1027.017","technique_id":"234d2a91-db5f-5d76-9de6-58e5b09543d6","owner_id":null},{"id":"e0b19e66-b340-52e7-9511-1c67f2bf8537","name":"JamPlus","source":"MITRE","technique_attack_id":"T1127.003","technique_id":"85fd1d00-ba5d-5a49-ba72-dd71ed567372","owner_id":null},{"id":"69db0629-70dd-5a71-bd51-b6eabdc5b709","name":"Compression","source":"MITRE","technique_attack_id":"T1027.015","technique_id":"4884db74-3624-5e32-aeac-f41c680e378d","owner_id":null},{"id":"d4722e37-6b85-5df8-998b-ec6311dc56d6","name":"Email Spoofing","source":"MITRE","technique_attack_id":"T1672","technique_id":"a9a0136e-7412-54e8-a6fe-0817bf736eeb","owner_id":null},{"id":"0b0ef429-63f7-52e5-ac29-069dfa395476","name":"Fileless Storage","source":"MITRE","technique_attack_id":"T1027.011","technique_id":"c41cb2d3-ff4c-5ee7-99b9-8a3d7987c9bf","owner_id":null},{"id":"8b9cf2e0-2afe-54b9-b579-66cecc08b239","name":"Masquerade File Type","source":"MITRE","technique_attack_id":"T1036.008","technique_id":"f91a7433-d5f1-5a47-8252-f02b513ce7f4","owner_id":null},{"id":"03d4edf1-d03a-5b64-874d-b86822fe6dd4","name":"Network Provider DLL","source":"MITRE","technique_attack_id":"T1556.008","technique_id":"f1329084-6e9c-5933-83cd-56c1bf8439e3","owner_id":null},{"id":"cc380e91-d35b-5df3-8cfd-8edeccb2daac","name":"Spoof Security Alerting","source":"MITRE","technique_attack_id":"T1562.011","technique_id":"67fa2827-fd64-5bf7-bf77-27b6ffc8f77f","owner_id":null},{"id":"8763d29f-edcf-5322-8dc1-71e414d43ac4","name":"Command Obfuscation","source":"MITRE","technique_attack_id":"T1027.010","technique_id":"d8406198-626c-5659-945e-2b5105fcd0c9","owner_id":null},{"id":"ef942082-2f29-58da-8c67-08f973815e26","name":"Modify Cloud Compute Configurations","source":"MITRE","technique_attack_id":"T1578.005","technique_id":"04e8e75c-434e-51e0-9780-580a3823a8cb","owner_id":null},{"id":"ff973a28-2348-5fe1-91db-0ecc877aa6ad","name":"Break Process Trees","source":"MITRE","technique_attack_id":"T1036.009","technique_id":"ed511983-98ef-572f-b5fc-0687f48467e0","owner_id":null},{"id":"b1638805-ba7f-51bb-b0d5-4f26731c6ef0","name":"Ignore Process Interrupts","source":"MITRE","technique_attack_id":"T1564.011","technique_id":"9e55bc80-a187-58f7-a687-d37bbd618db7","owner_id":null},{"id":"878953c7-647b-5b11-b8bf-e8abc536ca5f","name":"Disable or Modify Linux Audit System","source":"MITRE","technique_attack_id":"T1562.012","technique_id":"d9eb2887-840e-5ed7-bb4b-3b210f4147f9","owner_id":null},{"id":"2c0b70ff-ca7d-50c2-8f78-5e6a4f233079","name":"Temporary Elevated Cloud Access","source":"MITRE","technique_attack_id":"T1548.005","technique_id":"448dc009-2d3f-5480-aba3-0d80dc4336cd","owner_id":null},{"id":"5e55199e-171d-566b-bdf5-dc3fb96f212f","name":"LNK Icon Smuggling","source":"MITRE","technique_attack_id":"T1027.012","technique_id":"e2911337-76ed-5834-b621-bb2b9a4205ee","owner_id":null},{"id":"f935d235-1426-5ad6-8042-312eb13b9209","name":"Impersonation","source":"MITRE","technique_attack_id":"T1656","technique_id":"20417e43-6ffa-5d36-a2ef-e27cd5a4b8f1","owner_id":null},{"id":"d7a15b35-41e8-54e7-bcdf-485626231b86","name":"File/Path Exclusions","source":"MITRE","technique_attack_id":"T1564.012","technique_id":"3b8f1fe2-f6f1-5660-a0b3-2f6be096b791","owner_id":null},{"id":"d1e39867-32f5-5877-b4a4-c7ab9adc4f11","name":"Encrypted/Encoded File","source":"MITRE","technique_attack_id":"T1027.013","technique_id":"49714d10-6f44-5035-a448-66c2a3f3cdd6","owner_id":null},{"id":"4cd5322d-0a8f-5e46-8abe-e00009144b93","name":"AppDomainManager","source":"MITRE","technique_attack_id":"T1574.014","technique_id":"3d6727cd-d297-51e9-a6a2-8718284bf8e5","owner_id":null},{"id":"d73bfcaa-159d-52a5-81cd-4cb072f31470","name":"Electron Applications","source":"MITRE","technique_attack_id":"T1218.015","technique_id":"b02bc1f4-fbed-5eab-918c-f367c39cc3ba","owner_id":null},{"id":"541b1699-e8cc-5724-958a-2a4f18846b5b","name":"Conditional Access Policies","source":"MITRE","technique_attack_id":"T1556.009","technique_id":"2fa370dd-42be-5c10-85e8-294624c8a778","owner_id":null},{"id":"a6af5e21-bfc3-5e7e-b44d-6299852b14b8","name":"SyncAppvPublishingServer","source":"MITRE","technique_attack_id":"T1216.002","technique_id":"afe01d48-73bc-5e52-aa5f-2310911c2e3c","owner_id":null},{"id":"cc494da2-3053-58d0-9743-12f0d8f4eb1a","name":"TCC Manipulation","source":"MITRE","technique_attack_id":"T1548.006","technique_id":"769d2e67-5430-5fdd-9a07-d1b227110ec0","owner_id":null}],"tags":[],"tidal_id":"957183d9-b6e8-5965-a67f-52cb856e9e3c","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"0c3132d5-c0df-4793-b5f2-1a95bd64ab53","name":"Credential Access","description":"The adversary is trying to steal account names and passwords.\n\nCredential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.","ordinal_position":8,"source":"MITRE","tactic_attack_id":"TA0006","owner_name":null,"techniques":[{"id":"014a6de6-37e8-4f8f-8e40-3229a30727b4","name":"Abuse Accessibility Features","source":"Mobile","technique_attack_id":"T1453","technique_id":"eda9af89-cdfd-5dd9-b29e-f65f31623536","owner_id":null},{"id":"182cf450-98d0-4a48-ba9a-94cab3df0533","name":"Steal Application Access Token","source":"Mobile","technique_attack_id":"T1635","technique_id":"3c037997-7cb8-5a0b-ab21-9629f26f41c2","owner_id":null},{"id":"f1e73598-fc12-4b78-be40-53f3833f6e51","name":"Access Notifications","source":"Mobile","technique_attack_id":"T1517","technique_id":"d1f62094-b88e-55e1-8d7d-33af73394d55","owner_id":null},{"id":"c8c99646-4cba-4b6f-95fc-a168312fb9fe","name":"GUI Input Capture","source":"Mobile","technique_attack_id":"T1417.002","technique_id":"e64fc6da-33c1-550e-a05b-987926dd90ab","owner_id":null},{"id":"3d6c10b7-f16f-4d2a-8af7-1af9816f77e5","name":"URI Hijacking","source":"Mobile","technique_attack_id":"T1635.001","technique_id":"a884f246-9b5a-51ec-86cf-730044120165","owner_id":null},{"id":"128b10f8-29ba-45c2-89ed-df80c08929f6","name":"Keychain","source":"Mobile","technique_attack_id":"T1634.001","technique_id":"ece0704d-88b4-5a7c-9912-293bf8ba9596","owner_id":null},{"id":"4f3172ac-a2a5-4d34-bfb3-a41249d2b20d","name":"Input Capture","source":"Mobile","technique_attack_id":"T1417","technique_id":"52fa61cc-b520-5fa3-a50a-36b858f5571f","owner_id":null},{"id":"c99fe02f-0813-4f55-94d5-ddfe130df264","name":"Keylogging","source":"Mobile","technique_attack_id":"T1417.001","technique_id":"e9f1ea03-8098-5de9-8728-acbcf1a9ec35","owner_id":null},{"id":"36be3b4e-b393-43c6-861d-548d8abd3cea","name":"Clipboard Data","source":"Mobile","technique_attack_id":"T1414","technique_id":"813b7fb7-cf74-53b5-98ce-c5b9996893b6","owner_id":null},{"id":"2b06f342-be33-4485-868e-69b12e14f934","name":"Credentials from Password Store","source":"Mobile","technique_attack_id":"T1634","technique_id":"007a808b-bf5c-5c3e-8e23-13d2ed25749e","owner_id":null},{"id":"cba22475-615f-5c68-abad-400b6936908f","name":"Ccache Files","source":"MITRE","technique_attack_id":"T1558.005","technique_id":"d049bae1-29f3-5f7d-ba6a-08b1227d5b72","owner_id":null},{"id":"e4f3da5f-33ae-5f21-a985-6bc9472f29bd","name":"Evil Twin","source":"MITRE","technique_attack_id":"T1557.004","technique_id":"ca544853-bda2-554a-b7c4-c239760e56a2","owner_id":null},{"id":"825b86f0-8776-4060-869a-2dd7e1dd412d","name":"Kerberoasting","source":"MITRE","technique_attack_id":"T1558.003","technique_id":"2f980aed-b34a-4300-ac6b-70e7ddf6d9be","owner_id":null},{"id":"6e3a5bfc-3e18-461a-aea5-e5fbd49cadaf","name":"DCSync","source":"MITRE","technique_attack_id":"T1003.006","technique_id":"0a54e0f9-27eb-466b-ae47-53216e6e8065","owner_id":null},{"id":"d2594665-fe00-4104-9e83-82c70c895ecf","name":"Web Portal Capture","source":"MITRE","technique_attack_id":"T1056.003","technique_id":"34674b83-86a7-4ad9-8b05-49b505aa5ef0","owner_id":null},{"id":"fb183e42-879e-4a4d-a1bb-7ee3ac7ec0b0","name":"Cached Domain Credentials","source":"MITRE","technique_attack_id":"T1003.005","technique_id":"cf4d8bb4-2d60-499d-b72c-4957660758c9","owner_id":null},{"id":"34e60603-e91b-4908-8fc6-e65ec839b092","name":"Golden Ticket","source":"MITRE","technique_attack_id":"T1558.001","technique_id":"12efebf8-9da4-446c-a627-b6f95524f1ea","owner_id":null},{"id":"446abbf0-ae0c-44bc-89a7-1d7518ff3a64","name":"Steal or Forge Authentication Certificates","source":"MITRE","technique_attack_id":"T1649","technique_id":"b8c27b52-3e73-448d-8a7c-3e814c8e3889","owner_id":null},{"id":"ce176d6e-6b79-4440-8ac2-54e72c98b027","name":"Shell History","source":"MITRE","technique_attack_id":"T1552.003","technique_id":"065d1cca-8ca5-4f8b-a333-2340706f589e","owner_id":null},{"id":"0861eed5-8363-46d3-bf96-d016029d7253","name":"Credentials In Files","source":"MITRE","technique_attack_id":"T1552.001","technique_id":"838c5038-91e7-4648-925e-a142c8c10853","owner_id":null},{"id":"4e6dae76-3a93-4e33-a7dd-dddf190b1cee","name":"Web Cookies","source":"MITRE","technique_attack_id":"T1606.001","technique_id":"b0966c0f-1e09-4d5d-acff-0ca79dc9da89","owner_id":null},{"id":"6e4e90aa-6fba-4da3-a611-51faa04d437d","name":"Steal Application Access Token","source":"MITRE","technique_attack_id":"T1528","technique_id":"f78f2c87-626a-468f-93a5-31b61be17727","owner_id":null},{"id":"b0d845a7-3f8c-4746-b327-b68cd58d3c55","name":"Group Policy Preferences","source":"MITRE","technique_attack_id":"T1552.006","technique_id":"57dd1624-42e9-42a6-b1bb-d1d1df233138","owner_id":null},{"id":"87ae70dd-ad4c-459d-a000-d04238497011","name":"Forge Web Credentials","source":"MITRE","technique_attack_id":"T1606","technique_id":"d8507187-cea6-4be2-95b4-e875924e58c0","owner_id":null},{"id":"bac77744-509a-4f26-a6ce-74a27a447b42","name":"Multi-Factor Authentication Request Generation","source":"MITRE","technique_attack_id":"T1621","technique_id":"c0f2efd4-bfc8-43da-9859-14446fb8f289","owner_id":null},{"id":"7a6619c8-b81d-4771-bfbd-b5d7c6d0a4b2","name":"Exploitation for Credential Access","source":"MITRE","technique_attack_id":"T1212","technique_id":"afdfa503-0464-4b42-a79c-a6fc828492ef","owner_id":null},{"id":"7f2d5335-9984-4b85-bd38-6bc57f111e2f","name":"GUI Input Capture","source":"MITRE","technique_attack_id":"T1056.002","technique_id":"40ac9bae-173e-467c-80f2-0c1513fc874d","owner_id":null},{"id":"956509a4-558b-46c3-87c5-b6e52ee9d2d8","name":"Brute Force","source":"MITRE","technique_attack_id":"T1110","technique_id":"c16eef78-232e-47a2-98e9-046ec075b13c","owner_id":null},{"id":"aebb3c60-2e14-4941-bea4-9f123745d385","name":"Credential Stuffing","source":"MITRE","technique_attack_id":"T1110.004","technique_id":"6d300882-d404-4f77-a19d-4a2f2b786702","owner_id":null},{"id":"3a76a1bf-32f7-45c1-8ff9-55e24de4085b","name":"Multi-Factor Authentication","source":"MITRE","technique_attack_id":"T1556.006","technique_id":"60498bb5-fcfb-4d85-bf3e-26c30c08fbda","owner_id":null},{"id":"2e8872d7-a9e7-475f-a79d-16c11768d3e4","name":"Forced Authentication","source":"MITRE","technique_attack_id":"T1187","technique_id":"e732e1d4-fffa-4fc3-b387-47782c821688","owner_id":null},{"id":"2296a212-2ac9-4351-98ee-72b66aae9cfe","name":"Password Spraying","source":"MITRE","technique_attack_id":"T1110.003","technique_id":"e63414a7-c6f7-4bcf-a6eb-25b0c4ddbb2a","owner_id":null},{"id":"725a0bf8-03f5-44b0-a056-1bd60fa3561b","name":"Modify Authentication Process","source":"MITRE","technique_attack_id":"T1556","technique_id":"f516ecd7-a6a6-4018-8e58-c007be05bdce","owner_id":null},{"id":"bf485858-6643-433c-9d8a-aa27656c41e2","name":"Credential API Hooking","source":"MITRE","technique_attack_id":"T1056.004","technique_id":"28fd13d1-b555-47fa-9d47-caf6b1367ace","owner_id":null},{"id":"2364cb53-1083-4505-b23d-982451179b0f","name":"Container API","source":"MITRE","technique_attack_id":"T1552.007","technique_id":"6f6b88df-039c-4b69-87e0-97dfabbb49d8","owner_id":null},{"id":"93af62b5-ec4d-4431-8294-8f427488be6c","name":"Network Device Authentication","source":"MITRE","technique_attack_id":"T1556.004","technique_id":"195aa08b-15fd-4019-b905-8f31bc5e2094","owner_id":null},{"id":"59a7390e-f020-4079-9744-f869159bd4c2","name":"Input Capture","source":"MITRE","technique_attack_id":"T1056","technique_id":"5ee96331-a7b7-4c32-a8f1-3fb164078f5f","owner_id":null},{"id":"610e59c6-d037-463e-b58b-09e45f2f7854","name":"ARP Cache Poisoning","source":"MITRE","technique_attack_id":"T1557.002","technique_id":"03ef726b-ac65-4e23-8130-9d299a3f458a","owner_id":null},{"id":"a58c93a1-c95b-4edc-b281-0e6d95a87dcb","name":"/etc/passwd and /etc/shadow","source":"MITRE","technique_attack_id":"T1003.008","technique_id":"ef7732d9-b629-4037-b5b5-579dafda080b","owner_id":null},{"id":"3d5a27b9-2cf2-4c95-93df-9ff2be4ec2fc","name":"Silver Ticket","source":"MITRE","technique_attack_id":"T1558.002","technique_id":"e7135af8-3668-4d94-90d2-2a93a6b5c327","owner_id":null},{"id":"c1c7ca4d-bd53-4fb6-bac2-ef7bba5f00ef","name":"Windows Credential Manager","source":"MITRE","technique_attack_id":"T1555.004","technique_id":"9503955c-fa53-452a-b717-7e23bfb4df83","owner_id":null},{"id":"c70232ad-06a6-4043-b16c-0666f357a7a8","name":"Domain Controller Authentication","source":"MITRE","technique_attack_id":"T1556.001","technique_id":"82d15799-9776-463e-9b87-a58d682cee55","owner_id":null},{"id":"f11c619f-e31d-48d5-8f2e-be4fbcbc6608","name":"Reversible Encryption","source":"MITRE","technique_attack_id":"T1556.005","technique_id":"9dc21246-3788-48d6-b6a1-f2a39ee38557","owner_id":null},{"id":"1904c9b8-8852-4170-bc0b-e7b43d80d489","name":"Multi-Factor Authentication Interception","source":"MITRE","technique_attack_id":"T1111","technique_id":"600d45ec-cb9c-47b8-ae94-326471ebb007","owner_id":null},{"id":"695b6509-3b65-45c3-ba41-db1164fe3031","name":"NTDS","source":"MITRE","technique_attack_id":"T1003.003","technique_id":"c46432d4-bdeb-4dad-bbbd-68ad8ba6aca5","owner_id":null},{"id":"82f9f1a5-8285-469b-ba90-d93ded9ad929","name":"Adversary-in-the-Middle","source":"MITRE","technique_attack_id":"T1557","technique_id":"d98dbf30-c454-42ff-a9f3-2cd3319cc0d9","owner_id":null},{"id":"2b16b6df-ff44-4a55-8eb5-4e08248ca3f1","name":"Pluggable Authentication Modules","source":"MITRE","technique_attack_id":"T1556.003","technique_id":"852748c2-280b-41e8-ba87-d97ec9fade70","owner_id":null},{"id":"0d0183f6-3710-4f28-9e09-4ce3568919bc","name":"Keylogging","source":"MITRE","technique_attack_id":"T1056.001","technique_id":"7f1798b5-b159-441b-a5ef-3b5c706e1699","owner_id":null},{"id":"29d925fb-3d1a-4f6d-8ec5-fe0d177eb03e","name":"Password Guessing","source":"MITRE","technique_attack_id":"T1110.001","technique_id":"e849ebcc-e0af-45a5-aefa-c394bb759b4e","owner_id":null},{"id":"a41f2fb6-a5b0-499f-92e5-88758385a7fa","name":"OS Credential Dumping","source":"MITRE","technique_attack_id":"T1003","technique_id":"368f85f9-2b15-4732-80fe-087694eaf34d","owner_id":null},{"id":"c58bde09-2f5c-4aad-9813-ee3d78e85ad4","name":"Steal Web Session Cookie","source":"MITRE","technique_attack_id":"T1539","technique_id":"17f9e46d-4e3d-4491-a0d9-0cc042531d6e","owner_id":null},{"id":"5648d05d-4fdb-468a-9468-8cb2ad03abc4","name":"Security Account Manager","source":"MITRE","technique_attack_id":"T1003.002","technique_id":"a95e33ab-7032-4943-ab15-d526420e0cc6","owner_id":null},{"id":"319132d3-11a4-49e2-ad26-b5a402b270ac","name":"Cloud Instance Metadata API","source":"MITRE","technique_attack_id":"T1552.005","technique_id":"a5a95893-d837-424a-979f-095a47dd9f34","owner_id":null},{"id":"5716d866-1555-43dd-beb3-14202ff10766","name":"Securityd Memory","source":"MITRE","technique_attack_id":"T1555.002","technique_id":"fd75ec36-fc88-4bee-9fd9-480df6d1e765","owner_id":null},{"id":"e8420d81-e429-4b4f-aa8c-b5704ace6f12","name":"Password Cracking","source":"MITRE","technique_attack_id":"T1110.002","technique_id":"7e8c3c70-2e9f-4fa0-b083-ff5610447dc1","owner_id":null},{"id":"dd98dc59-146f-466a-8a16-1eace344fd7b","name":"Keychain","source":"MITRE","technique_attack_id":"T1555.001","technique_id":"1ef8a053-ff13-4a10-b9d9-0a017880e4a5","owner_id":null},{"id":"3ef892e7-3364-424d-bfdf-de00edb057e5","name":"LSA Secrets","source":"MITRE","technique_attack_id":"T1003.004","technique_id":"b40aa9fa-abb5-47c3-951f-2d454b9bc017","owner_id":null},{"id":"d99265da-f423-43f9-afc7-d6e0ad46c4da","name":"SAML Tokens","source":"MITRE","technique_attack_id":"T1606.002","technique_id":"dc0aecef-3cb2-4381-b6e4-dfa7be16d42b","owner_id":null},{"id":"02c7f80f-3f52-4c74-a556-4688ae43b877","name":"Proc Filesystem","source":"MITRE","technique_attack_id":"T1003.007","technique_id":"81ae71ff-ca5e-4b87-9361-24ebc2c454b3","owner_id":null},{"id":"6606df5d-396a-4da3-8386-d018d8c4f633","name":"Password Managers","source":"MITRE","technique_attack_id":"T1555.005","technique_id":"9448cf6f-7ba3-41d1-8710-8e6f9b0572ee","owner_id":null},{"id":"1eda1d52-a464-4125-a8e2-37f774e2b057","name":"Network Sniffing","source":"MITRE","technique_attack_id":"T1040","technique_id":"bbad213d-477d-43bf-9501-ad7d74bac323","owner_id":null},{"id":"457e05f9-a72e-4c17-b9d8-4923c788fc8d","name":"Credentials in Registry","source":"MITRE","technique_attack_id":"T1552.002","technique_id":"cdac2469-52ca-42a8-aefe-0321a7e3d658","owner_id":null},{"id":"71acfe0d-c1c1-4211-86b5-9581baf87199","name":"Password Filter DLL","source":"MITRE","technique_attack_id":"T1556.002","technique_id":"cd65b0f4-a2a4-4291-aff2-1c65cf68cf6c","owner_id":null},{"id":"4e1540f7-84a6-4490-a471-56d920ea466d","name":"AS-REP Roasting","source":"MITRE","technique_attack_id":"T1558.004","technique_id":"888e603b-ca97-4671-aa43-a25248fc9fc8","owner_id":null},{"id":"e08529cc-f4cf-4ffd-8317-2df6bcbd3c47","name":"Steal or Forge Kerberos Tickets","source":"MITRE","technique_attack_id":"T1558","technique_id":"0fef0394-7cf6-4797-8a5e-1cbfd31ee501","owner_id":null},{"id":"7d124de1-5d47-43c2-b0e3-f67696f7acaa","name":"Credentials from Password Stores","source":"MITRE","technique_attack_id":"T1555","technique_id":"a0bb264e-8617-4ae6-bafd-f52b36c63d12","owner_id":null},{"id":"bde1b75c-6d85-4e29-9645-b93c588dbed2","name":"Unsecured Credentials","source":"MITRE","technique_attack_id":"T1552","technique_id":"02ed857b-ba39-4fab-b1d9-3ed2aa689dfd","owner_id":null},{"id":"062d5909-152a-47ca-a9d7-1956a0289cfc","name":"Hybrid Identity","source":"MITRE","technique_attack_id":"T1556.007","technique_id":"b0a1ef13-0c54-47e8-a220-7543ba41a327","owner_id":null},{"id":"96a9ee8b-d774-4bf1-979d-11edbcd8c8a7","name":"Credentials from Web Browsers","source":"MITRE","technique_attack_id":"T1555.003","technique_id":"b4a1cbaa-85d1-4a65-977f-494f66a141e3","owner_id":null},{"id":"1f775b48-476a-4dd2-8ab2-2358021a695d","name":"DHCP Spoofing","source":"MITRE","technique_attack_id":"T1557.003","technique_id":"52dabfcc-b7a4-4334-9014-ab9d82f5527b","owner_id":null},{"id":"24f67d33-eba1-48b8-8659-80200446e84f","name":"Private Keys","source":"MITRE","technique_attack_id":"T1552.004","technique_id":"e493bf4a-0eba-4e60-a7a6-c699084dc98a","owner_id":null},{"id":"1e713b6d-6832-4cbf-a066-bb90b8913b27","name":"LLMNR/NBT-NS Poisoning and SMB Relay","source":"MITRE","technique_attack_id":"T1557.001","technique_id":"b44a263f-76b2-4a1f-baeb-dd285974eca6","owner_id":null},{"id":"53d3974c-a1ef-436f-aeb0-477eba538ab1","name":"LSASS Memory","source":"MITRE","technique_attack_id":"T1003.001","technique_id":"ab0da102-5a14-42b1-969e-5d3daefdf0c5","owner_id":null},{"id":"a8a07f10-99e1-5bdc-8d9f-731d5b5b997b","name":"Network Provider DLL","source":"MITRE","technique_attack_id":"T1556.008","technique_id":"f1329084-6e9c-5933-83cd-56c1bf8439e3","owner_id":null},{"id":"82696fc3-e86c-5fca-86ee-701aada68fea","name":"Chat Messages","source":"MITRE","technique_attack_id":"T1552.008","technique_id":"8e9cfd62-1a61-50dc-8f05-8a4914fd3853","owner_id":null},{"id":"07451013-f452-5e0b-ad78-b18901493fba","name":"Conditional Access Policies","source":"MITRE","technique_attack_id":"T1556.009","technique_id":"2fa370dd-42be-5c10-85e8-294624c8a778","owner_id":null},{"id":"3b53da3f-cbae-5b73-b56b-28441919a54d","name":"Cloud Secrets Management Stores","source":"MITRE","technique_attack_id":"T1555.006","technique_id":"260571a6-3c08-5419-98c5-3fa1aa8e675d","owner_id":null}],"tags":[],"tidal_id":"2ba3f8cb-a95e-50a8-a780-c14c4e87a1bc","matrices":["eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"ee7e5a85-a940-46e4-b408-12956f3baafa","name":"Discovery","description":"The adversary is trying to figure out your environment.\n\nDiscovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective. ","ordinal_position":9,"source":"MITRE","tactic_attack_id":"TA0007","owner_name":null,"techniques":[{"id":"d6333737-c147-4a97-9d0f-0c2323181409","name":"Impersonate SS7 Nodes","source":"Mobile","technique_attack_id":"T1430.002","technique_id":"b09425e6-1489-5576-ac66-b16e3b3afda0","owner_id":null},{"id":"df29a81b-480f-440f-b8ca-393e1e378049","name":"Software Discovery","source":"Mobile","technique_attack_id":"T1418","technique_id":"21121b52-2cd0-5555-9b87-a2c8d07f489f","owner_id":null},{"id":"d0b80cfd-a689-476d-b2a4-8dd826c95322","name":"Process Discovery","source":"Mobile","technique_attack_id":"T1424","technique_id":"1c3f90f4-fff9-5c9a-b942-b2eceb0240ec","owner_id":null},{"id":"e5361a3a-71bd-49f4-bd31-3f7f202b9268","name":"Security Software Discovery","source":"Mobile","technique_attack_id":"T1418.001","technique_id":"59149f4b-b7c0-5009-b580-25d55679e845","owner_id":null},{"id":"e3b02a27-d3a2-462b-b7a3-2f935bb824fb","name":"Network Service Scanning","source":"Mobile","technique_attack_id":"T1423","technique_id":"d3f71d53-6416-5dd9-8ce9-9ee0eb50c94a","owner_id":null},{"id":"265c6d4e-6418-45dc-8dbf-adefd8cd90c8","name":"Internet Connection Discovery","source":"Mobile","technique_attack_id":"T1422.001","technique_id":"471863a4-0026-591d-b6ec-171445c3e2a6","owner_id":null},{"id":"917f2c61-5b31-44e9-9251-1680f97946eb","name":"Location Tracking","source":"Mobile","technique_attack_id":"T1430","technique_id":"a7ae039e-309d-5d4c-960d-40abe6b2e940","owner_id":null},{"id":"928e486c-1fc1-4bdf-8458-ec60f8429684","name":"Remote Device Management Services","source":"Mobile","technique_attack_id":"T1430.001","technique_id":"1111dc3d-0c49-5117-91af-40438b13fff4","owner_id":null},{"id":"e08748fa-1409-4f2f-8720-546620c16959","name":"Wi-Fi Discovery","source":"Mobile","technique_attack_id":"T1422.002","technique_id":"57facdfa-20fd-5ee1-a458-6de8be7c0d05","owner_id":null},{"id":"fbb27b2e-acb6-475a-ae06-d4f342338377","name":"File and Directory Discovery","source":"Mobile","technique_attack_id":"T1420","technique_id":"37d4b05d-e328-53bb-b9db-4211d41b5da2","owner_id":null},{"id":"58d12dbd-5c3f-49ce-919b-146a833085e4","name":"System Network Configuration Discovery","source":"Mobile","technique_attack_id":"T1422","technique_id":"8f81b9e4-907c-5b35-ba56-df2c5df3455c","owner_id":null},{"id":"faf961ec-08ab-455b-9062-1c5f689fdac9","name":"System Network Connections Discovery","source":"Mobile","technique_attack_id":"T1421","technique_id":"384eadb2-000c-5f83-8528-ac83da3fe16a","owner_id":null},{"id":"b7b7f263-f425-4c42-995c-acd6d835c582","name":"System Information Discovery","source":"Mobile","technique_attack_id":"T1426","technique_id":"ddf666b9-b665-5e4f-af7e-180a13aa9622","owner_id":null},{"id":"49ab69cb-9609-4602-a007-6275bd867c6f","name":"Wireless Sniffing","source":"ICS","technique_attack_id":"T0887","technique_id":"43843a04-f0d1-5b01-a7ef-599857f6d4af","owner_id":null},{"id":"89e57bb0-9304-487d-9a74-d9ff6cfaf502","name":"Remote System Information Discovery","source":"ICS","technique_attack_id":"T0888","technique_id":"70c8e0fe-ed39-5053-9a40-365239ec9bc3","owner_id":null},{"id":"1b8d210a-9491-43f2-a437-10423315991a","name":"Network Sniffing","source":"ICS","technique_attack_id":"T0842","technique_id":"1b0d248a-cee7-5414-9152-f97959a390ad","owner_id":null},{"id":"ae926b5c-e22e-47cb-922a-bcc5e4fd70c4","name":"Remote System Discovery","source":"ICS","technique_attack_id":"T0846","technique_id":"5eed39f6-c0ee-5549-8a6e-c67b4fac65fc","owner_id":null},{"id":"90f47ad2-6e6c-4c22-9633-0771ebc2b7b8","name":"Network Connection Enumeration","source":"ICS","technique_attack_id":"T0840","technique_id":"66db73f5-4370-5efb-9a7b-0d62d9c76418","owner_id":null},{"id":"7dd241d8-2b48-49a2-a038-36d0d3bb7e57","name":"System Owner/User Discovery","source":"MITRE","technique_attack_id":"T1033","technique_id":"86e6f1f0-290b-4971-b50e-80e98a0a768b","owner_id":null},{"id":"895288a2-9238-4292-990a-00087c895d0f","name":"Container and Resource Discovery","source":"MITRE","technique_attack_id":"T1613","technique_id":"41c4b4cc-99da-4323-b0f4-229906578501","owner_id":null},{"id":"ca8328d7-e347-4ba2-9fbf-9ade8c7ff81d","name":"Permission Groups Discovery","source":"MITRE","technique_attack_id":"T1069","technique_id":"f9d61206-3063-4d04-b06f-225f4766bff1","owner_id":null},{"id":"5329211a-9e43-46fa-a7a3-db0c8b83218f","name":"Cloud Groups","source":"MITRE","technique_attack_id":"T1069.003","technique_id":"9e366f99-7f7d-4407-8915-448a8108c7e0","owner_id":null},{"id":"4b9bb58b-4ca0-4dce-a54f-ee76b66e6b88","name":"Group Policy Discovery","source":"MITRE","technique_attack_id":"T1615","technique_id":"d97d754d-92d5-4874-bbfe-5aa4d581f2a8","owner_id":null},{"id":"aefd76c4-6e8f-4d87-af7c-df084b5a52a9","name":"Domain Account","source":"MITRE","technique_attack_id":"T1087.002","technique_id":"12908bde-a5eb-40a5-ae27-d93960d0bfdc","owner_id":null},{"id":"f1abe96a-b653-42e7-924f-e05408f072a2","name":"Local Account","source":"MITRE","technique_attack_id":"T1087.001","technique_id":"df5f6835-ca0a-4ef5-bb3a-b011e4025545","owner_id":null},{"id":"71978e77-014d-4c29-9d53-dbe36e17a8a1","name":"System Checks","source":"MITRE","technique_attack_id":"T1497.001","technique_id":"026c9281-07f1-4358-96d3-151fed76b1fe","owner_id":null},{"id":"5ee5f10e-e8e3-4bb6-9c80-385d4fcdeee2","name":"Domain Groups","source":"MITRE","technique_attack_id":"T1069.002","technique_id":"f14bb7ae-6ba3-4b44-b776-c79867ea9225","owner_id":null},{"id":"e9b19083-3377-47eb-a594-5d67d32afd67","name":"System Service Discovery","source":"MITRE","technique_attack_id":"T1007","technique_id":"e0a347e2-2ac5-458b-ab0f-18d81b6d6055","owner_id":null},{"id":"7e81192e-41f8-4b17-b88d-1554a63585f0","name":"Network Sniffing","source":"MITRE","technique_attack_id":"T1040","technique_id":"bbad213d-477d-43bf-9501-ad7d74bac323","owner_id":null},{"id":"64db6c91-2da3-4ffe-a0be-88e9ddd1ec9d","name":"Network Share Discovery","source":"MITRE","technique_attack_id":"T1135","technique_id":"ac5e465f-466d-41e4-933a-04e2c861e820","owner_id":null},{"id":"568704b7-9a54-406d-97ec-ad19cd0c4c64","name":"Peripheral Device Discovery","source":"MITRE","technique_attack_id":"T1120","technique_id":"0997d871-875e-41e4-891c-f8a4ed8b2f31","owner_id":null},{"id":"9bc30108-b37c-48e1-b6cb-b47f86a36e30","name":"System Information Discovery","source":"MITRE","technique_attack_id":"T1082","technique_id":"a2961a00-450e-45a5-b293-f699d9f3b4ea","owner_id":null},{"id":"931917ea-4b94-4f55-91cf-b350cb132cb4","name":"Application Window Discovery","source":"MITRE","technique_attack_id":"T1010","technique_id":"3b2f435a-8666-43b5-9883-f2808eebd726","owner_id":null},{"id":"a2d951b9-10fa-44a6-8134-afbf240e659c","name":"Email Account","source":"MITRE","technique_attack_id":"T1087.003","technique_id":"b31b014b-0b59-4493-966b-a57ad68f073d","owner_id":null},{"id":"0f23f476-be24-5d80-9f53-f01da3be5d47","name":"Local Storage Discovery","source":"MITRE","technique_attack_id":"T1680","technique_id":"9398ff6a-9b28-5a30-b470-d4300b7f4902","owner_id":null},{"id":"68a99826-f5df-4bb5-ac4d-18e38099a2ca","name":"Time Based Checks","source":"MITRE","technique_attack_id":"T1497.003","technique_id":"0ca01a9e-571e-4b17-a84d-23e9ce39b073","owner_id":null},{"id":"6cc5e062-3f29-483f-b2de-97af89c7ad4b","name":"Cloud Infrastructure Discovery","source":"MITRE","technique_attack_id":"T1580","technique_id":"fd346e4e-b22f-4cae-bc24-946d7b14b5e1","owner_id":null},{"id":"f7d48882-3840-40f1-a0f0-79edfde9f744","name":"Browser Information Discovery","source":"MITRE","technique_attack_id":"T1217","technique_id":"f1af5c8b-3210-4788-a873-97b1518bb43a","owner_id":null},{"id":"b2169a48-3919-452b-9315-c12153c2cd36","name":"System Network Configuration Discovery","source":"MITRE","technique_attack_id":"T1016","technique_id":"adb6b8c1-2bdb-42b9-95da-5ce07e8796f7","owner_id":null},{"id":"dbe0e8dd-2f37-4f52-9abb-f6590aa30c36","name":"Account Discovery","source":"MITRE","technique_attack_id":"T1087","technique_id":"6736995e-b9ea-401b-81fa-6caeb7a17ce3","owner_id":null},{"id":"4a2b907d-f1fa-4a56-bffb-8ae58432c809","name":"Domain Trust Discovery","source":"MITRE","technique_attack_id":"T1482","technique_id":"93bd112e-9494-4b60-bdc5-8b610c7ebe21","owner_id":null},{"id":"0b6e3829-dd65-4c64-906a-60091fde0b3b","name":"Internet Connection Discovery","source":"MITRE","technique_attack_id":"T1016.001","technique_id":"3f926f8f-7b47-4a7d-976a-269704a6bc5c","owner_id":null},{"id":"10ff3bae-47d0-4efe-9747-b6300f1b2b32","name":"File and Directory Discovery","source":"MITRE","technique_attack_id":"T1083","technique_id":"1492c4ba-c933-47b8-953d-6de3db8cfce8","owner_id":null},{"id":"aa8d85e9-7ce2-5917-804b-2cd3871b00a2","name":"Backup Software Discovery","source":"MITRE","technique_attack_id":"T1518.002","technique_id":"36797652-bcd3-56b2-b72d-6923815e8f62","owner_id":null},{"id":"575f28b1-ceeb-4aef-8fbd-ded26bf34845","name":"System Network Connections Discovery","source":"MITRE","technique_attack_id":"T1049","technique_id":"0d258912-58b1-4982-b90f-eed576f05ffc","owner_id":null},{"id":"182bb026-ed7f-4bf5-99b3-c3e707ca8593","name":"Virtualization/Sandbox Evasion","source":"MITRE","technique_attack_id":"T1497","technique_id":"63baf71d-f46f-4ac8-a3a6-8345ddd2f7a8","owner_id":null},{"id":"1b5befb9-9960-4739-b575-0774bf5cc1db","name":"Cloud Storage Object Discovery","source":"MITRE","technique_attack_id":"T1619","technique_id":"92761d92-a288-4407-a112-bb2720f07d07","owner_id":null},{"id":"e222d496-2dfa-44bf-98b4-0a1dbfdaee4a","name":"Cloud Account","source":"MITRE","technique_attack_id":"T1087.004","technique_id":"d76c3dde-dba5-4748-8d51-c93fc34f885e","owner_id":null},{"id":"80cf19c7-a5fb-4d01-8ce8-2c59b1492f8c","name":"Process Discovery","source":"MITRE","technique_attack_id":"T1057","technique_id":"710ae610-0556-44e5-9de9-8be6159a23dd","owner_id":null},{"id":"496682a3-6891-4f0b-ae19-60ed279ed850","name":"User Activity Based Checks","source":"MITRE","technique_attack_id":"T1497.002","technique_id":"cb268bcf-3c2f-4583-94e3-7c9f0893e52f","owner_id":null},{"id":"4af72393-e379-4e42-9115-1c2c03f2aec1","name":"Local Groups","source":"MITRE","technique_attack_id":"T1069.001","technique_id":"0fa8230a-fd97-4e2c-9923-923044af4291","owner_id":null},{"id":"314ad76c-e745-4ba0-b730-7717b1253b88","name":"Password Policy Discovery","source":"MITRE","technique_attack_id":"T1201","technique_id":"2bf2e498-99c8-4e36-ad4b-e675d95ac925","owner_id":null},{"id":"08c805f2-161e-4e2a-9fad-b857da663264","name":"System Language Discovery","source":"MITRE","technique_attack_id":"T1614.001","technique_id":"7bebc801-5d5d-44b0-8da2-f37f7d88e40d","owner_id":null},{"id":"e3beb6f4-085f-4ec7-b641-a74af474138d","name":"Query Registry","source":"MITRE","technique_attack_id":"T1012","technique_id":"58722f84-b119-45a8-8e29-0065688015ee","owner_id":null},{"id":"c2abab59-9789-4319-87df-52a0bb340fdf","name":"System Location Discovery","source":"MITRE","technique_attack_id":"T1614","technique_id":"90e6a093-3e87-4d74-8b68-38c7d7e5e93c","owner_id":null},{"id":"8568bc60-ade4-4d2d-9a6a-30efafedb44f","name":"Security Software Discovery","source":"MITRE","technique_attack_id":"T1518.001","technique_id":"9e945aa5-3883-4537-a767-f49bdcce26c7","owner_id":null},{"id":"3ad1131a-9797-5668-a523-1f73daa5d458","name":"Virtual Machine Discovery","source":"MITRE","technique_attack_id":"T1673","technique_id":"ff6401f2-5308-59b4-a695-86b7120d4004","owner_id":null},{"id":"3b794ed9-7291-489b-af44-905ed856bcb9","name":"Cloud Service Discovery","source":"MITRE","technique_attack_id":"T1526","technique_id":"5d0a3722-52b6-4968-a367-7ca6bc9a33fc","owner_id":null},{"id":"70341196-3283-4024-842f-4cd31f61bffe","name":"Remote System Discovery","source":"MITRE","technique_attack_id":"T1018","technique_id":"00a9a4d4-928d-4d95-be31-dfac6103991f","owner_id":null},{"id":"cb27f152-dd6d-448f-a76e-b567b0261257","name":"Network Service Discovery","source":"MITRE","technique_attack_id":"T1046","technique_id":"5bab1234-8d1e-437f-88a0-d527b2dfc6cd","owner_id":null},{"id":"dab639b5-8e46-4916-9baa-f475bf1fb35f","name":"Software Discovery","source":"MITRE","technique_attack_id":"T1518","technique_id":"e9bff6ff-3142-4910-8f67-19b868912602","owner_id":null},{"id":"5f667941-eb1b-47ea-8299-1cd934d9ad7b","name":"Cloud Service Dashboard","source":"MITRE","technique_attack_id":"T1538","technique_id":"315ce434-ad6d-4dae-a1dd-6db944a44422","owner_id":null},{"id":"15c8fb33-2291-4920-9d1d-e14c27f2be88","name":"Debugger Evasion","source":"MITRE","technique_attack_id":"T1622","technique_id":"945c1564-6c13-4baa-b1d4-6ba82e06a897","owner_id":null},{"id":"b34b9787-c44e-4c6f-a437-ce16d896fab6","name":"System Time Discovery","source":"MITRE","technique_attack_id":"T1124","technique_id":"2e634ff1-a4ea-41b4-8ee9-23db4627a986","owner_id":null},{"id":"52a06a37-02b0-587b-857c-411d13f1988c","name":"Wi-Fi Discovery","source":"MITRE","technique_attack_id":"T1016.002","technique_id":"4c7c0caa-b9bc-5d63-b5c3-812fdf3bba8a","owner_id":null},{"id":"2dd081df-7373-5ca6-a181-c570abc5fab3","name":"Log Enumeration","source":"MITRE","technique_attack_id":"T1654","technique_id":"309c7c8b-c366-5762-8611-136971ac4eb4","owner_id":null},{"id":"ed62356f-0f88-52fd-a241-2a504d496d63","name":"Device Driver Discovery","source":"MITRE","technique_attack_id":"T1652","technique_id":"70ffc700-eb9b-54d7-8fd4-564bd71a6434","owner_id":null}],"tags":[],"tidal_id":"0e15339e-723c-5fcf-90c7-373498ca11cf","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"50ba4930-7c8e-4ef9-bc36-70e7dae661eb","name":"Lateral Movement","description":"The adversary is trying to move through your environment.\n\nLateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target, then pivoting through multiple systems and accounts to gain access to it. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier. ","ordinal_position":10,"source":"MITRE","tactic_attack_id":"TA0008","owner_name":null,"techniques":[{"id":"857b2a4f-c0b2-427b-80ad-50e71d649980","name":"Exploitation of Remote Services","source":"Mobile","technique_attack_id":"T1428","technique_id":"9d60aea7-cca5-554b-bfac-9fd3af3ed0e8","owner_id":null},{"id":"39ed6785-001b-4c25-9a7d-64316a4c667e","name":"Replication Through Removable Media","source":"Mobile","technique_attack_id":"T1458","technique_id":"f1f2d031-8d9d-501b-9112-d5602bc31171","owner_id":null},{"id":"e08d651f-c339-46b1-a27f-3faa04d6587b","name":"Exploitation of Remote Services","source":"ICS","technique_attack_id":"T0866","technique_id":"fa63cff9-015c-5b5e-b8ee-dfaf9d7242fb","owner_id":null},{"id":"5c5a32e3-c343-492e-87cc-73689e9184a6","name":"Default Credentials","source":"ICS","technique_attack_id":"T0812","technique_id":"9cbc6201-c8b6-5b7f-85a8-00771fc5ce8c","owner_id":null},{"id":"06d54853-23fe-4237-8971-0d4c65335563","name":"Program Download","source":"ICS","technique_attack_id":"T0843","technique_id":"7cefe2e9-04ad-5799-8979-03fd273abff2","owner_id":null},{"id":"6480bb95-6d07-4074-9713-afe63bdbbc8d","name":"Hardcoded Credentials","source":"ICS","technique_attack_id":"T0891","technique_id":"5bbfb10e-f9f2-5ad2-b7c4-f555cf286bbc","owner_id":null},{"id":"f9622e91-e798-4e6c-a3b9-a36a02e25d54","name":"Valid Accounts","source":"ICS","technique_attack_id":"T0859","technique_id":"77282e6f-607e-5e35-b036-6b7977764108","owner_id":null},{"id":"ee7593a4-5501-4bd4-8f67-a4de87e56405","name":"Remote Services","source":"ICS","technique_attack_id":"T0886","technique_id":"2f42621d-eb8d-5961-94b7-7bef6c2d475f","owner_id":null},{"id":"2fc299f9-2186-4444-aaf2-b00debbb43f3","name":"Lateral Tool Transfer","source":"ICS","technique_attack_id":"T0867","technique_id":"4e4dc4af-2b4d-57aa-b7fb-e06c49dd8c61","owner_id":null},{"id":"38209bcd-d370-4bfd-87d1-0751f2b1ef79","name":"VNC","source":"MITRE","technique_attack_id":"T1021.005","technique_id":"af7afc1e-3374-4d1c-917b-c47c305274f5","owner_id":null},{"id":"a5debc89-b395-4b58-b8e1-38f041603901","name":"Taint Shared Content","source":"MITRE","technique_attack_id":"T1080","technique_id":"58987d0d-2ebf-4783-90ac-5164fe9b9e43","owner_id":null},{"id":"38cb6ec9-596a-44ea-97d9-1e402004f4b2","name":"SSH","source":"MITRE","technique_attack_id":"T1021.004","technique_id":"7620ba3a-7877-4f87-90e3-588163ac0474","owner_id":null},{"id":"9bcb48bb-c691-48e8-a9e4-e37d9a31029a","name":"Replication Through Removable Media","source":"MITRE","technique_attack_id":"T1091","technique_id":"6a7ab25e-49ed-4cd3-b199-5d80b728b416","owner_id":null},{"id":"5f90193c-6160-4ee6-bfc1-a36bdf3ac345","name":"SSH Hijacking","source":"MITRE","technique_attack_id":"T1563.001","technique_id":"45f2613d-35dd-4ddc-a222-30e9c0dd6bf6","owner_id":null},{"id":"13c4ea19-d132-4c77-9716-255422ab9f27","name":"SMB/Windows Admin Shares","source":"MITRE","technique_attack_id":"T1021.002","technique_id":"bc2f2c6c-ffe7-4e78-bbac-369f6781bbdd","owner_id":null},{"id":"1b74fb49-e59a-4aef-b241-3bee02ba6b61","name":"Use Alternate Authentication Material","source":"MITRE","technique_attack_id":"T1550","technique_id":"28f65214-95c1-4a72-b385-0b32cbcaea8f","owner_id":null},{"id":"bbc42c03-b24b-49ce-a358-08c06d8fa1e1","name":"Remote Services","source":"MITRE","technique_attack_id":"T1021","technique_id":"30ef3f13-5e9b-4712-9adf-f0da4ef157a1","owner_id":null},{"id":"7e8d809c-c772-41bc-900b-5a66d3556a14","name":"Remote Service Session Hijacking","source":"MITRE","technique_attack_id":"T1563","technique_id":"c992f340-645d-412a-b509-3cbaf94919b0","owner_id":null},{"id":"7fcbc328-5cb8-4942-9977-5df02b92e833","name":"Windows Remote Management","source":"MITRE","technique_attack_id":"T1021.006","technique_id":"c2866fd3-754e-4b40-897a-e73a8c1fcf7b","owner_id":null},{"id":"cfeb9f4b-843f-4f87-b74e-cfda39f8ddde","name":"Distributed Component Object Model","source":"MITRE","technique_attack_id":"T1021.003","technique_id":"ebc5fabb-5634-49f2-8979-94ea98da114a","owner_id":null},{"id":"38335810-d103-4aec-84ea-773b9e84019c","name":"Pass the Ticket","source":"MITRE","technique_attack_id":"T1550.003","technique_id":"5e771f38-6286-4330-b7b4-38071ad6b68a","owner_id":null},{"id":"cbd9dc8f-5726-40c9-b1d1-ce18d4a221ff","name":"Software Deployment Tools","source":"MITRE","technique_attack_id":"T1072","technique_id":"1bcf9fb5-6848-44d9-b394-ffbd3c357058","owner_id":null},{"id":"c2bb65f0-d20c-4212-93b4-73de3a06c09f","name":"Exploitation of Remote Services","source":"MITRE","technique_attack_id":"T1210","technique_id":"51ff4ada-8a71-4801-9cb8-a6e216eaa4e4","owner_id":null},{"id":"90c9c10b-5449-499c-8634-6f3150ecde42","name":"Internal Spearphishing","source":"MITRE","technique_attack_id":"T1534","technique_id":"4f4ea659-7653-4bfd-a525-b2af32c5899b","owner_id":null},{"id":"fe04651f-4dce-48f6-a918-476fd2cd9562","name":"Lateral Tool Transfer","source":"MITRE","technique_attack_id":"T1570","technique_id":"3dea57fc-3131-408b-a1fd-ff2eea1d858f","owner_id":null},{"id":"25a01c7a-dd9d-4da1-b298-0de820565592","name":"Web Session Cookie","source":"MITRE","technique_attack_id":"T1550.004","technique_id":"d36a5323-e249-44e8-9c8b-5cc9c023a5e1","owner_id":null},{"id":"4ea5010d-c20d-4d21-8ced-c134e0922c37","name":"RDP Hijacking","source":"MITRE","technique_attack_id":"T1563.002","technique_id":"a0f4b31b-41b7-4602-914a-f46aa815aadb","owner_id":null},{"id":"48568778-2230-40bc-8c2b-a5d931c7d4e9","name":"Pass the Hash","source":"MITRE","technique_attack_id":"T1550.002","technique_id":"33486e3e-1104-42d0-8053-34c8c9c4d10f","owner_id":null},{"id":"b3827366-b320-4822-8188-7d1617a10b35","name":"Remote Desktop Protocol","source":"MITRE","technique_attack_id":"T1021.001","technique_id":"f5fb86b6-abf0-4d44-b4a0-56f0636c24d2","owner_id":null},{"id":"eb2999eb-2946-4c64-bfaf-36b0da45b967","name":"Application Access Token","source":"MITRE","technique_attack_id":"T1550.001","technique_id":"8592f37d-850a-43d1-86f2-cc981ad7d7dc","owner_id":null},{"id":"0c08b347-915a-503a-8fbc-3552a0f9ff7c","name":"Cloud Services","source":"MITRE","technique_attack_id":"T1021.007","technique_id":"351a3ac7-bf0f-5dc1-b090-5a3d3586f31d","owner_id":null},{"id":"49ef5649-a37e-54f0-8ee4-231097e73d60","name":"Direct Cloud VM Connections","source":"MITRE","technique_attack_id":"T1021.008","technique_id":"852bc9a9-865f-59cd-9e81-bec6e8aa8b78","owner_id":null}],"tags":[],"tidal_id":"5e2e26cf-3586-59db-8f62-c74944f98294","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"1ca65327-b553-4923-ae19-8e6987ca250a","name":"Collection","description":"The adversary is trying to gather data of interest to their goal.\n\nCollection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to either steal (exfiltrate) the data or to use the data to gain more information about the target environment. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.","ordinal_position":11,"source":"MITRE","tactic_attack_id":"TA0009","owner_name":null,"techniques":[{"id":"348b8e4d-a418-4f64-b17e-94c07be0207f","name":"Adversary-in-the-Middle","source":"Mobile","technique_attack_id":"T1638","technique_id":"2159e281-24c2-599a-81e4-abe83ba080ed","owner_id":null},{"id":"c16a9d9f-2777-4e64-9b4b-23a4a2754599","name":"Impersonate SS7 Nodes","source":"Mobile","technique_attack_id":"T1430.002","technique_id":"b09425e6-1489-5576-ac66-b16e3b3afda0","owner_id":null},{"id":"c1a1c0f1-e0d4-41fa-a9a9-309b3f4dafab","name":"Protected User Data","source":"Mobile","technique_attack_id":"T1636","technique_id":"ca7c94d6-c132-519a-bf0b-120e60272740","owner_id":null},{"id":"0b624882-f1eb-4b26-b07a-e3a2666b5663","name":"Call Log","source":"Mobile","technique_attack_id":"T1636.002","technique_id":"fd6d139a-abb4-517b-9b34-e473464a3e5d","owner_id":null},{"id":"aac9a237-2cdb-403b-8e92-a5fb80b57719","name":"Abuse Accessibility Features","source":"Mobile","technique_attack_id":"T1453","technique_id":"eda9af89-cdfd-5dd9-b29e-f65f31623536","owner_id":null},{"id":"6b357a2c-56b1-4c33-8fe9-df5286b37acb","name":"Accounts","source":"Mobile","technique_attack_id":"T1636.005","technique_id":"bf812589-4dee-5697-993a-db1501aa2785","owner_id":null},{"id":"a1166b8d-8591-40ec-9e94-459ffb41b02f","name":"Call Control","source":"Mobile","technique_attack_id":"T1616","technique_id":"017daf49-59d2-5593-b97f-8d3602d42c66","owner_id":null},{"id":"c415a19e-ce42-4fd4-b01a-098ac41b6782","name":"Access Notifications","source":"Mobile","technique_attack_id":"T1517","technique_id":"d1f62094-b88e-55e1-8d7d-33af73394d55","owner_id":null},{"id":"de31d32e-7dab-40b0-affc-0d62fac9d0cb","name":"GUI Input Capture","source":"Mobile","technique_attack_id":"T1417.002","technique_id":"e64fc6da-33c1-550e-a05b-987926dd90ab","owner_id":null},{"id":"a08b07f2-2db0-4522-98a7-39d1fcb798fd","name":"Audio Capture","source":"Mobile","technique_attack_id":"T1429","technique_id":"2f1943b8-a842-5712-bd9f-ca4013b24f34","owner_id":null},{"id":"31eb0383-512f-40a7-afbe-b377e6fd9b84","name":"Stored Application Data","source":"Mobile","technique_attack_id":"T1409","technique_id":"fc1402cc-fcc7-593e-aa9c-96d879e1035e","owner_id":null},{"id":"33cc1e41-1493-4938-9602-0e48489fc312","name":"Screen Capture","source":"Mobile","technique_attack_id":"T1513","technique_id":"9d4545dd-1e0c-5ad3-84ea-b0a01fc9837a","owner_id":null},{"id":"6806a6ae-ad60-4bed-9bad-1c5dee2e7ff4","name":"Location Tracking","source":"Mobile","technique_attack_id":"T1430","technique_id":"a7ae039e-309d-5d4c-960d-40abe6b2e940","owner_id":null},{"id":"4d574f24-2488-4a3f-a4e4-82366eb024f0","name":"Remote Device Management Services","source":"Mobile","technique_attack_id":"T1430.001","technique_id":"1111dc3d-0c49-5117-91af-40438b13fff4","owner_id":null},{"id":"f90dbaac-7646-41b7-ae76-dd87e068e188","name":"Linked Devices","source":"Mobile","technique_attack_id":"T1676","technique_id":"5cf6cbc5-a24a-55e7-9891-6d19b1d707d2","owner_id":null},{"id":"46da18a7-1ef3-4bd9-9a91-62b251b4c897","name":"Input Capture","source":"Mobile","technique_attack_id":"T1417","technique_id":"52fa61cc-b520-5fa3-a50a-36b858f5571f","owner_id":null},{"id":"33fa2bc6-c383-4944-b4fb-b82fa28904a8","name":"Calendar Entries","source":"Mobile","technique_attack_id":"T1636.001","technique_id":"7fb5cf14-5cb4-56f3-be8d-b3dc954de640","owner_id":null},{"id":"7fd3ca5e-2d94-4a80-b202-84fa536284e1","name":"Keylogging","source":"Mobile","technique_attack_id":"T1417.001","technique_id":"e9f1ea03-8098-5de9-8728-acbcf1a9ec35","owner_id":null},{"id":"e9fc14e5-aca3-4954-9949-f36ece0dd980","name":"Clipboard Data","source":"Mobile","technique_attack_id":"T1414","technique_id":"813b7fb7-cf74-53b5-98ce-c5b9996893b6","owner_id":null},{"id":"b6d35c9f-0e77-4aff-8f49-455fcc4eb3da","name":"SMS Messages","source":"Mobile","technique_attack_id":"T1636.004","technique_id":"944a11f1-41c8-5440-a2fe-d7619e7f7788","owner_id":null},{"id":"b1597d2a-d99c-4616-a153-152e823e0278","name":"Video Capture","source":"Mobile","technique_attack_id":"T1512","technique_id":"ae3e1f32-fb8b-50c6-a6a8-cbcd5906f7ac","owner_id":null},{"id":"a2fbb9d4-ddbd-4c74-86b6-071e77353426","name":"Contact List","source":"Mobile","technique_attack_id":"T1636.003","technique_id":"d2ebb2cf-1f46-5984-a36a-6f3428c6f617","owner_id":null},{"id":"c628533e-7057-4fda-a5b5-235662d37dec","name":"Data from Local System","source":"Mobile","technique_attack_id":"T1533","technique_id":"f44d4365-258b-5753-ad4f-1e97d00773f1","owner_id":null},{"id":"bc5cdc5a-e903-4c4a-91c9-f120ba8b70ab","name":"Archive Collected Data","source":"Mobile","technique_attack_id":"T1532","technique_id":"b12f28c3-f959-5fae-b01e-e28f6af1d0e8","owner_id":null},{"id":"6d91835b-f986-4f7f-a703-7caafa478e0f","name":"Wireless Sniffing","source":"ICS","technique_attack_id":"T0887","technique_id":"43843a04-f0d1-5b01-a7ef-599857f6d4af","owner_id":null},{"id":"bcdfc7d9-a8c7-4546-8494-125b6e820167","name":"Point & Tag Identification","source":"ICS","technique_attack_id":"T0861","technique_id":"5646d65f-e0ed-55ca-ab8e-ef552eee8fe9","owner_id":null},{"id":"fa65af83-ea54-4b81-b22b-5919fa69c967","name":"Detect Operating Mode","source":"ICS","technique_attack_id":"T0868","technique_id":"652f8391-4f93-5390-b38c-bde6d071f99b","owner_id":null},{"id":"61294e56-3732-4889-ad46-b33c73937762","name":"Monitor Process State","source":"ICS","technique_attack_id":"T0801","technique_id":"3c35b9c0-730f-5621-8c92-f67beca3513c","owner_id":null},{"id":"f510b3dd-1b92-4aba-98e0-234543ccfc35","name":"Program Upload","source":"ICS","technique_attack_id":"T0845","technique_id":"24738cac-cda0-577f-8b01-d86784de77e9","owner_id":null},{"id":"62cbbd29-f672-4271-8ac1-b096afede588","name":"Data from Information Repositories","source":"ICS","technique_attack_id":"T0811","technique_id":"1ddc27eb-4e66-5450-a845-091adf1c9832","owner_id":null},{"id":"324ca388-f22e-4e1a-b740-ef06c02e5ec7","name":"Automated Collection","source":"ICS","technique_attack_id":"T0802","technique_id":"56cdef64-9dc8-56f2-b4b4-61e10a757804","owner_id":null},{"id":"16631396-a3f1-4323-9644-7f0cdcb889d2","name":"I/O Image","source":"ICS","technique_attack_id":"T0877","technique_id":"7c6f009d-ec23-5ed4-9c43-23c79c810a99","owner_id":null},{"id":"6699e9f0-a12f-4cae-a114-7c2f40552ee0","name":"Adversary-in-the-Middle","source":"ICS","technique_attack_id":"T0830","technique_id":"001ffe7d-0a99-50a3-8300-c2824a49eb24","owner_id":null},{"id":"0f396caf-3230-489b-a34e-4890669d3ef4","name":"Screen Capture","source":"ICS","technique_attack_id":"T0852","technique_id":"d2500c17-6208-55e3-a5d9-f006a63b8857","owner_id":null},{"id":"0c2a0934-ccaa-417f-bcf5-7f07010885f6","name":"Data from Local System","source":"ICS","technique_attack_id":"T0893","technique_id":"d0feae49-dca6-57b0-87f9-37d3c3fd9bce","owner_id":null},{"id":"85cc72eb-f396-5361-b9d7-0a4580db43b4","name":"Customer Relationship Management Software","source":"MITRE","technique_attack_id":"T1213.004","technique_id":"4562d25c-b3a8-582a-9a04-ff5f510ded7f","owner_id":null},{"id":"c131e1b8-e0fd-5a55-bb83-4e2665477bd8","name":"Databases","source":"MITRE","technique_attack_id":"T1213.006","technique_id":"832d2c3d-e789-5f9c-8ea5-c44a662084bf","owner_id":null},{"id":"1b268c43-438f-4dbd-8d46-8c6140293e36","name":"Data from Cloud Storage","source":"MITRE","technique_attack_id":"T1530","technique_id":"77069b3f-9e42-4f1b-894f-8df568233df2","owner_id":null},{"id":"1719786a-560c-4b63-a0b1-ff83be152b45","name":"Remote Data Staging","source":"MITRE","technique_attack_id":"T1074.002","technique_id":"cf76b79c-8226-4137-b3dd-8f516611b928","owner_id":null},{"id":"30439d8d-132c-44c3-8b77-084d7645e76e","name":"Data from Local System","source":"MITRE","technique_attack_id":"T1005","technique_id":"c0e4f97b-f651-493f-9636-6ac2f6fb46fb","owner_id":null},{"id":"fbc2f4b1-8702-4456-a8e9-32d12e7fb3a5","name":"Archive via Library","source":"MITRE","technique_attack_id":"T1560.002","technique_id":"ccf06b4a-bc33-4db1-bc66-74a0a7c31451","owner_id":null},{"id":"754e1eeb-5944-42d0-9b2f-b17397f8e8ee","name":"Network Device Configuration Dump","source":"MITRE","technique_attack_id":"T1602.002","technique_id":"0d5a5921-f643-4032-9a4a-0bb693822c21","owner_id":null},{"id":"74d50a6b-e490-428d-9cf6-44884959e27c","name":"Archive Collected Data","source":"MITRE","technique_attack_id":"T1560","technique_id":"ebd3f870-c513-4fb0-b133-15ffc1f91db2","owner_id":null},{"id":"9f957ce7-11fc-4790-9c67-5c48507086c8","name":"Browser Session Hijacking","source":"MITRE","technique_attack_id":"T1185","technique_id":"b57c5554-5a46-42cd-be7e-4206f79ef424","owner_id":null},{"id":"9de07d4b-775c-458c-b37b-1a88f231a52d","name":"DHCP Spoofing","source":"MITRE","technique_attack_id":"T1557.003","technique_id":"52dabfcc-b7a4-4334-9014-ab9d82f5527b","owner_id":null},{"id":"fb6d1fa2-d752-4f16-a705-aec71caae2af","name":"LLMNR/NBT-NS Poisoning and SMB Relay","source":"MITRE","technique_attack_id":"T1557.001","technique_id":"b44a263f-76b2-4a1f-baeb-dd285974eca6","owner_id":null},{"id":"1da3c6e1-78c6-4215-b41f-c6ef1f0e4b34","name":"Web Portal Capture","source":"MITRE","technique_attack_id":"T1056.003","technique_id":"34674b83-86a7-4ad9-8b05-49b505aa5ef0","owner_id":null},{"id":"33a466e9-ae66-5c42-b98d-c4c100a78239","name":"Messaging Applications","source":"MITRE","technique_attack_id":"T1213.005","technique_id":"4d893ef6-a30e-5283-b47b-31d17ac427be","owner_id":null},{"id":"45bbac0d-862d-5854-9b03-66d8b3671472","name":"Evil Twin","source":"MITRE","technique_attack_id":"T1557.004","technique_id":"ca544853-bda2-554a-b7c4-c239760e56a2","owner_id":null},{"id":"46b14012-5056-403e-80b5-76285db10788","name":"Archive via Utility","source":"MITRE","technique_attack_id":"T1560.001","technique_id":"3042a254-a2a9-4cb9-9939-087a24c64907","owner_id":null},{"id":"b288169c-8708-41bc-a8be-e0c426e35829","name":"Screen Capture","source":"MITRE","technique_attack_id":"T1113","technique_id":"4462ce9d-0a5a-427d-8160-7b307b50cfbd","owner_id":null},{"id":"c1e4ab26-0841-4e0b-a16d-3bacdaa709c7","name":"Adversary-in-the-Middle","source":"MITRE","technique_attack_id":"T1557","technique_id":"d98dbf30-c454-42ff-a9f3-2cd3319cc0d9","owner_id":null},{"id":"87cfbd6a-2bc5-450d-8c20-bafe5c97d3fb","name":"Keylogging","source":"MITRE","technique_attack_id":"T1056.001","technique_id":"7f1798b5-b159-441b-a5ef-3b5c706e1699","owner_id":null},{"id":"6730f03f-9fea-4ee7-851b-632ec80301dc","name":"Data from Configuration Repository","source":"MITRE","technique_attack_id":"T1602","technique_id":"97ef6135-47d4-4b91-8783-c0b5f331340e","owner_id":null},{"id":"1849493c-bb48-4415-8780-c363d457afd8","name":"Sharepoint","source":"MITRE","technique_attack_id":"T1213.002","technique_id":"8ac6952d-5add-4cbc-ad39-44943ed3459b","owner_id":null},{"id":"9ae3ae1b-221c-4e89-a25a-434873647eb2","name":"Audio Capture","source":"MITRE","technique_attack_id":"T1123","technique_id":"2be5c67a-edae-4083-8b6d-f99eaa622ed4","owner_id":null},{"id":"3111ecd7-9f9c-4dce-b0d0-6c78141a8a8e","name":"Archive via Custom Method","source":"MITRE","technique_attack_id":"T1560.003","technique_id":"41da2363-af05-46b8-990e-2cc749b5aac8","owner_id":null},{"id":"c848ff67-6926-4383-91aa-a5748adebd74","name":"Email Collection","source":"MITRE","technique_attack_id":"T1114","technique_id":"3569b783-1be5-414b-adb9-42c47ceee1cc","owner_id":null},{"id":"94893863-8293-45e9-8932-6a827b7b87ef","name":"Data from Removable Media","source":"MITRE","technique_attack_id":"T1025","technique_id":"ae3f9f0f-af66-424c-bcc8-4fdbd7ef9766","owner_id":null},{"id":"1d83264d-87af-4848-a4ff-65a25610396b","name":"Local Data Staging","source":"MITRE","technique_attack_id":"T1074.001","technique_id":"8e32b6ed-58b1-4708-8b86-bd29c3a544d2","owner_id":null},{"id":"0cd13346-6929-4dab-ac4f-66deb419f776","name":"Local Email Collection","source":"MITRE","technique_attack_id":"T1114.001","technique_id":"9a388756-9de0-45ea-9820-810443733789","owner_id":null},{"id":"35de7b29-dd6e-40bc-8f3c-0bd9d8ea2bcd","name":"Automated Collection","source":"MITRE","technique_attack_id":"T1119","technique_id":"107ad6c5-79b1-468c-9519-1578bee2ac49","owner_id":null},{"id":"ee427fb7-7fce-4ddc-b658-63792f27eaf8","name":"Clipboard Data","source":"MITRE","technique_attack_id":"T1115","technique_id":"e8f90b73-2e59-4643-a274-78b85b8d9f88","owner_id":null},{"id":"eb981e42-b683-430f-98b9-f8081a9b34d6","name":"Video Capture","source":"MITRE","technique_attack_id":"T1125","technique_id":"0c81e13a-3608-4171-8075-9f70b2934028","owner_id":null},{"id":"d1837129-ff42-418d-a139-d1b7e725d017","name":"Confluence","source":"MITRE","technique_attack_id":"T1213.001","technique_id":"3cc64d61-7922-4e08-98ff-b76cb2173830","owner_id":null},{"id":"d61489a2-2781-4b88-ad1c-8f017095980f","name":"Email Forwarding Rule","source":"MITRE","technique_attack_id":"T1114.003","technique_id":"59db734e-9edb-4c92-b2ca-a72fe1e08ac7","owner_id":null},{"id":"709424c5-8e16-4852-aa31-61102bb5328d","name":"Data Staged","source":"MITRE","technique_attack_id":"T1074","technique_id":"ef4ef020-5cd1-4859-902b-f207828a1281","owner_id":null},{"id":"4616fc17-726c-42c6-a733-f50f26332a6e","name":"GUI Input Capture","source":"MITRE","technique_attack_id":"T1056.002","technique_id":"40ac9bae-173e-467c-80f2-0c1513fc874d","owner_id":null},{"id":"b54dd5c9-b67d-4a88-a777-2056aa4494a6","name":"Data from Network Shared Drive","source":"MITRE","technique_attack_id":"T1039","technique_id":"875c5aa3-6ab1-4717-9503-9818ccbad98a","owner_id":null},{"id":"ca8f2095-2822-42e0-961b-5717b66fae70","name":"Remote Email Collection","source":"MITRE","technique_attack_id":"T1114.002","technique_id":"5de59320-1471-4715-99c4-eda2f7996d07","owner_id":null},{"id":"3e7df108-c3ae-45f5-ad14-c69b351d7b3a","name":"Data from Information Repositories","source":"MITRE","technique_attack_id":"T1213","technique_id":"08a73f37-a04e-46be-9409-b330cbe291b4","owner_id":null},{"id":"36f5ec7f-8354-48c5-a870-fc3a8b68fff6","name":"SNMP (MIB Dump)","source":"MITRE","technique_attack_id":"T1602.001","technique_id":"8510638d-5be4-4986-a11c-dcbdc729a50f","owner_id":null},{"id":"49fcb1d4-f309-4f20-81de-c32b20cd816b","name":"Credential API Hooking","source":"MITRE","technique_attack_id":"T1056.004","technique_id":"28fd13d1-b555-47fa-9d47-caf6b1367ace","owner_id":null},{"id":"ec763151-d2ac-457e-874d-9570def4e5b2","name":"Input Capture","source":"MITRE","technique_attack_id":"T1056","technique_id":"5ee96331-a7b7-4c32-a8f1-3fb164078f5f","owner_id":null},{"id":"b953ef59-886d-44b4-a3db-3315ed079801","name":"ARP Cache Poisoning","source":"MITRE","technique_attack_id":"T1557.002","technique_id":"03ef726b-ac65-4e23-8130-9d299a3f458a","owner_id":null},{"id":"642b4878-23dc-40fb-bb93-33813a625221","name":"Code Repositories","source":"MITRE","technique_attack_id":"T1213.003","technique_id":"fe595943-f264-4d05-a8c7-7afc8985bfc3","owner_id":null}],"tags":[],"tidal_id":"e12fc256-b6b5-5de6-8d2b-bd5ed392a9d1","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"94ffe549-1c29-438d-9c7f-e27f7acee0bb","name":"Command and Control","description":"The adversary is trying to communicate with compromised systems to control them.\n\nCommand and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.","ordinal_position":12,"source":"MITRE","tactic_attack_id":"TA0011","owner_name":null,"techniques":[{"id":"d74d8a11-88a0-4cc8-a193-2eb0c99c6653","name":"Remote Access Software","source":"Mobile","technique_attack_id":"T1663","technique_id":"93689898-036e-5e22-9095-af393a18cc71","owner_id":null},{"id":"aaa88eb7-937c-406c-89c5-f7205048e05f","name":"Asymmetric Cryptography","source":"Mobile","technique_attack_id":"T1521.002","technique_id":"d627d16f-f526-506c-888a-97e1ba85b65a","owner_id":null},{"id":"837640f9-6c87-4f3b-a378-4ba00965613f","name":"Web Protocols","source":"Mobile","technique_attack_id":"T1437.001","technique_id":"6fe51212-142b-5791-932a-cb5095609ca3","owner_id":null},{"id":"21082623-bac8-4179-bfb3-3bfc845e980e","name":"Ingress Tool Transfer","source":"Mobile","technique_attack_id":"T1544","technique_id":"d2aacf78-dde6-5bca-b7bd-e3a0f25ab345","owner_id":null},{"id":"604b1177-beec-499c-9ec5-45806bdd6082","name":"Dynamic Resolution","source":"Mobile","technique_attack_id":"T1637","technique_id":"94b617bf-6e12-5f18-89bf-7eb48257268d","owner_id":null},{"id":"01dd9dd8-580c-4a59-8b08-4c5d0f0f4de2","name":"Call Control","source":"Mobile","technique_attack_id":"T1616","technique_id":"017daf49-59d2-5593-b97f-8d3602d42c66","owner_id":null},{"id":"5d600133-6a5c-453d-a0d5-e8d8184790ca","name":"Application Layer Protocol","source":"Mobile","technique_attack_id":"T1437","technique_id":"f21647a3-5d50-5d53-9a72-4d79cf712669","owner_id":null},{"id":"b1d49fb6-dcd2-4765-abab-5ebe287e451b","name":"Bidirectional Communication","source":"Mobile","technique_attack_id":"T1481.002","technique_id":"b54b4743-82b4-59da-9602-edd91b911d78","owner_id":null},{"id":"5efa87f7-8af5-444f-8717-cbb94d6e5e8a","name":"Non-Standard Port","source":"Mobile","technique_attack_id":"T1509","technique_id":"fb83308d-d976-59f7-9ad2-e045641f9069","owner_id":null},{"id":"8e843d89-cef4-42b9-8b50-de6da7475856","name":"Dead Drop Resolver","source":"Mobile","technique_attack_id":"T1481.001","technique_id":"8f8468ae-12bb-5ea0-b0e2-59acd9214e6d","owner_id":null},{"id":"70c0d9ab-21cf-4dd6-9c30-eef055fc0c9e","name":"Symmetric Cryptography","source":"Mobile","technique_attack_id":"T1521.001","technique_id":"b495dfd3-84b6-5c93-a82e-e3cf7ce6c294","owner_id":null},{"id":"353132ff-232a-4396-a9fd-0efff31bd441","name":"Web Service","source":"Mobile","technique_attack_id":"T1481","technique_id":"9df74518-346a-5221-99ae-86681a6c5bbd","owner_id":null},{"id":"78d21a91-0257-4b5d-a119-39ff0807f86a","name":"One-Way Communication","source":"Mobile","technique_attack_id":"T1481.003","technique_id":"9ec720a3-b843-5769-95ab-982af3f1a3b7","owner_id":null},{"id":"260d3b05-20e7-4654-a4bd-1cca2294fb48","name":"SSL Pinning","source":"Mobile","technique_attack_id":"T1521.003","technique_id":"97c39cf0-7b97-5312-8192-1314d395b018","owner_id":null},{"id":"8dde1990-21ca-47cb-b77b-e3ad33cabbeb","name":"Out of Band Data","source":"Mobile","technique_attack_id":"T1644","technique_id":"2445302c-a45f-5498-9e1d-ac8b0744643a","owner_id":null},{"id":"0e7d553a-c02b-42b0-acb5-5cec196db3f1","name":"Encrypted Channel","source":"Mobile","technique_attack_id":"T1521","technique_id":"3ca8213c-5255-5c5d-9c7d-a156daf325aa","owner_id":null},{"id":"723473f4-6205-4294-bd6f-efeed9d085b8","name":"Domain Generation Algorithms","source":"Mobile","technique_attack_id":"T1637.001","technique_id":"64ba2d66-7bdb-50aa-8045-9a45e9628140","owner_id":null},{"id":"e20f7367-f66a-4358-b2b5-29c91880a380","name":"Connection Proxy","source":"ICS","technique_attack_id":"T0884","technique_id":"af2d159f-557b-5d44-936a-0aae1cb323bb","owner_id":null},{"id":"6466951b-b82e-4384-acb0-4cef78929996","name":"Standard Application Layer Protocol","source":"ICS","technique_attack_id":"T0869","technique_id":"d694161c-8919-5f63-a238-c2384a6a13e0","owner_id":null},{"id":"fd71d5bf-4de8-4f19-a6f2-9f7d016ba684","name":"Commonly Used Port","source":"ICS","technique_attack_id":"T0885","technique_id":"5363f941-d467-5bce-9e1f-4cfa14293074","owner_id":null},{"id":"08ade94c-6ab2-5245-b3f2-cb2ef0ed0857","name":"Publish/Subscribe Protocols","source":"MITRE","technique_attack_id":"T1071.005","technique_id":"1637efc5-85cc-515c-8244-fa973b0d69a6","owner_id":null},{"id":"87c256fe-0b28-42da-ac68-29240a92a968","name":"Socket Filters","source":"MITRE","technique_attack_id":"T1205.002","technique_id":"f0dd515b-51cf-4853-a20c-02226d099ee0","owner_id":null},{"id":"b1b9d46b-e9e1-4348-a3ff-2a021be9f1ed","name":"Standard Encoding","source":"MITRE","technique_attack_id":"T1132.001","technique_id":"972f0311-aec5-4fb5-bc5b-504c3f0cc95c","owner_id":null},{"id":"e239700e-78bf-421f-bd54-a2078405cca6","name":"Domain Generation Algorithms","source":"MITRE","technique_attack_id":"T1568.002","technique_id":"b0be2e07-e4b4-4f1a-8fce-c7a1e820a817","owner_id":null},{"id":"ec7a3563-16e5-4231-9992-51572723879c","name":"DNS","source":"MITRE","technique_attack_id":"T1071.004","technique_id":"5c6c3492-5dbc-43ee-a3f2-ba1976d3b379","owner_id":null},{"id":"a99d8401-f192-45b1-8d5f-bc3dbf979a24","name":"Symmetric Cryptography","source":"MITRE","technique_attack_id":"T1573.001","technique_id":"ac7b9775-8323-49cb-8fef-3cef972f11ac","owner_id":null},{"id":"637b5b3b-7a66-4640-8555-ee1b4e13c6c6","name":"Fast Flux DNS","source":"MITRE","technique_attack_id":"T1568.001","technique_id":"abae30c8-c6b0-46ae-b464-44b66412065f","owner_id":null},{"id":"4c518e6d-aec4-4fa1-b9b4-42fc8fdd549e","name":"Application Layer Protocol","source":"MITRE","technique_attack_id":"T1071","technique_id":"8a7afe43-b814-41b3-8bd8-e1301b8ba5b4","owner_id":null},{"id":"15c288ba-cfbe-408e-9d19-379ac81cc5fb","name":"Remote Access Tools","source":"MITRE","technique_attack_id":"T1219","technique_id":"acf828f4-7e7e-43e1-bf15-ceab42021430","owner_id":null},{"id":"c39658db-c735-4166-857f-08dc26f14d9a","name":"Traffic Signaling","source":"MITRE","technique_attack_id":"T1205","technique_id":"c2cf211a-9676-4922-a386-69697ab4934a","owner_id":null},{"id":"9c9f12e6-b7f7-449a-942b-cae41e1bbdfe","name":"Protocol Tunneling","source":"MITRE","technique_attack_id":"T1572","technique_id":"bd677092-d197-4230-b94a-438cb24260fd","owner_id":null},{"id":"520d6e4f-c724-49f2-87a2-6b4a18ed9809","name":"Mail Protocols","source":"MITRE","technique_attack_id":"T1071.003","technique_id":"350fd3f9-2d62-498f-be62-fc4b9907ff02","owner_id":null},{"id":"6638a6ad-3da0-44cc-ae69-5d838e0b4052","name":"Communication Through Removable Media","source":"MITRE","technique_attack_id":"T1092","technique_id":"0783c499-1564-4062-addc-f1ff86ef4e59","owner_id":null},{"id":"d914383e-0c8d-464b-abb4-b7fd02204220","name":"External Proxy","source":"MITRE","technique_attack_id":"T1090.002","technique_id":"4c2c7469-0dbc-410f-891b-1040d4f2ff0b","owner_id":null},{"id":"4bdf4821-6a79-4503-9dd1-231026158b8b","name":"Proxy","source":"MITRE","technique_attack_id":"T1090","technique_id":"ba6a869a-c870-4be6-bc08-e078f0efdc3b","owner_id":null},{"id":"6344e989-cfc3-4b9f-b8be-661b3174c538","name":"Dynamic Resolution","source":"MITRE","technique_attack_id":"T1568","technique_id":"987ad3da-9423-4fe0-a52b-b931c0b8b95f","owner_id":null},{"id":"17858f42-a001-50b3-a789-9561f90577c4","name":"IDE Tunneling","source":"MITRE","technique_attack_id":"T1219.001","technique_id":"7057b98d-e4a9-526c-b0f7-6a95e10feb71","owner_id":null},{"id":"36405acc-8a8b-5044-8674-e1940941f0b5","name":"Remote Access Hardware","source":"MITRE","technique_attack_id":"T1219.003","technique_id":"9ca4aa8c-e1a2-51c7-9bc6-af70495d34b6","owner_id":null},{"id":"73792a71-da99-5515-a4ed-b27b6754c23b","name":"Remote Desktop Software","source":"MITRE","technique_attack_id":"T1219.002","technique_id":"42d1b88a-c83b-5dc0-922f-f590fb7c6eb3","owner_id":null},{"id":"1c23836a-41b1-40a0-b405-ef4a22733ba5","name":"Multi-hop Proxy","source":"MITRE","technique_attack_id":"T1090.003","technique_id":"fa05c148-56a0-43ae-b8e4-2d4e91641400","owner_id":null},{"id":"d1e74721-d2d2-40d7-93a8-532a0fe7ea0d","name":"Data Obfuscation","source":"MITRE","technique_attack_id":"T1001","technique_id":"57f95410-5735-43ae-9fec-8b628a7df985","owner_id":null},{"id":"966b0517-b347-4be9-aa05-219013fdfce8","name":"Non-Standard Port","source":"MITRE","technique_attack_id":"T1571","technique_id":"36850d17-a7d5-41ac-aa89-040b9c0b2b3f","owner_id":null},{"id":"79ffc3fe-c866-41a5-97f8-3a62ed238365","name":"Encrypted Channel","source":"MITRE","technique_attack_id":"T1573","technique_id":"0e704680-c930-42a7-9caa-5802b8cb2c48","owner_id":null},{"id":"9f2ed6ce-b6dc-4c64-915a-7bb1a239d4a8","name":"Bidirectional Communication","source":"MITRE","technique_attack_id":"T1102.002","technique_id":"f8a4c7ee-074b-4bfc-95be-43d91756b73c","owner_id":null},{"id":"0d13026a-456e-4644-8be7-5c8215f906e7","name":"Asymmetric Cryptography","source":"MITRE","technique_attack_id":"T1573.002","technique_id":"ce822cce-f7f1-4753-bff1-12e5bef66d53","owner_id":null},{"id":"4b6f72a0-02e0-42df-bc9d-ba405b9a02bf","name":"Non-Application Layer Protocol","source":"MITRE","technique_attack_id":"T1095","technique_id":"4aed5968-6380-47d2-bbd7-3a4d959089e1","owner_id":null},{"id":"78229638-3389-4e69-89e8-8bd546886ef8","name":"Protocol or Service Impersonation","source":"MITRE","technique_attack_id":"T1001.003","technique_id":"eb15320a-cd24-45b2-b23f-05ef8daf1039","owner_id":null},{"id":"5872c3c3-619e-41ee-ab90-4cb6e7e90d93","name":"Web Service","source":"MITRE","technique_attack_id":"T1102","technique_id":"a729feee-8e21-444e-8eea-2ec595b09931","owner_id":null},{"id":"6ab9548c-1544-4cf7-90b1-cedae8d7af6b","name":"DNS Calculation","source":"MITRE","technique_attack_id":"T1568.003","technique_id":"e9cc000d-174e-4e6c-9513-a0c000061700","owner_id":null},{"id":"b87f4e33-ab21-4793-a0b4-e028177149ba","name":"Multi-Stage Channels","source":"MITRE","technique_attack_id":"T1104","technique_id":"e54bdb49-6039-4048-9be6-657a7ff3e071","owner_id":null},{"id":"9d2f0784-7ca2-4600-a6d9-ea63f70817b7","name":"Port Knocking","source":"MITRE","technique_attack_id":"T1205.001","technique_id":"34a112db-c61d-4ea2-872f-de3fc1af87a3","owner_id":null},{"id":"ab9f1f8f-6876-4ab5-8306-88fea3e46d3f","name":"File Transfer Protocols","source":"MITRE","technique_attack_id":"T1071.002","technique_id":"a4f21b08-bf5b-4ba3-af69-cce01a467859","owner_id":null},{"id":"8558589e-6f00-48d0-ba23-7563e15f29b9","name":"One-Way Communication","source":"MITRE","technique_attack_id":"T1102.003","technique_id":"9ff640ed-572e-4adc-bdc6-234a9e8ef36b","owner_id":null},{"id":"74cb2518-588b-4b7f-bc3a-b0dca17f25b3","name":"Domain Fronting","source":"MITRE","technique_attack_id":"T1090.004","technique_id":"12a5e66d-6a21-4e75-a201-97235698d67d","owner_id":null},{"id":"63098345-ab91-4848-8250-887718830162","name":"Data Encoding","source":"MITRE","technique_attack_id":"T1132","technique_id":"7d8af4f3-7d8e-4ef2-b828-40a910fc6188","owner_id":null},{"id":"ed32d15d-c891-4dcf-9262-4e9c566469d9","name":"Non-Standard Encoding","source":"MITRE","technique_attack_id":"T1132.002","technique_id":"0848222e-ddc2-489e-8ea4-e19634f6af34","owner_id":null},{"id":"d688b696-0af6-4d97-aa8a-65e522eedec7","name":"Web Protocols","source":"MITRE","technique_attack_id":"T1071.001","technique_id":"9a21ec7b-9714-4073-9bf3-4df41995c698","owner_id":null},{"id":"665865eb-17af-4b93-962e-a49cf850dd75","name":"Ingress Tool Transfer","source":"MITRE","technique_attack_id":"T1105","technique_id":"4499ce34-9871-4879-883c-19ddb940f242","owner_id":null},{"id":"f9f2d8dd-ff5a-4b43-b010-95fdaeabd948","name":"Steganography","source":"MITRE","technique_attack_id":"T1001.002","technique_id":"2735f8d1-0e46-4cd7-bfbb-78941bb266fd","owner_id":null},{"id":"795d0c21-38d1-46b3-a1c7-0f411e8d695b","name":"Fallback Channels","source":"MITRE","technique_attack_id":"T1008","technique_id":"be8786b3-cd3d-47ef-a9e7-cd3ab3c901a1","owner_id":null},{"id":"a7d83c92-f351-4f7e-9285-59bf6864693f","name":"Internal Proxy","source":"MITRE","technique_attack_id":"T1090.001","technique_id":"8b744bfc-6bfb-45c5-8bb8-5b736ce7e634","owner_id":null},{"id":"601e6d06-c4fd-478a-98d4-daf7cf056136","name":"Dead Drop Resolver","source":"MITRE","technique_attack_id":"T1102.001","technique_id":"faeec22d-dff4-496f-9c7e-14c4f2c8d054","owner_id":null},{"id":"e3ca6559-4b40-4356-8f65-066163aa957a","name":"Junk Data","source":"MITRE","technique_attack_id":"T1001.001","technique_id":"584d1c76-7da9-4374-87df-e622d78fc270","owner_id":null},{"id":"28e20808-f376-5969-8fc7-af9f12dba82e","name":"Content Injection","source":"MITRE","technique_attack_id":"T1659","technique_id":"3f95e4f2-cd4a-502c-a12a-becb8d28440c","owner_id":null},{"id":"39474b08-3d79-55e2-83aa-dd6bd538126b","name":"Hide Infrastructure","source":"MITRE","technique_attack_id":"T1665","technique_id":"a3a2a527-39e7-58b4-a3cc-932eb0cef562","owner_id":null}],"tags":[],"tidal_id":"459349f0-dee0-529e-8b5b-9caa288505c6","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"66249a6d-be4e-43ab-a295-349d03a98023","name":"Exfiltration","description":"The adversary is trying to steal data.\n\nExfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.","ordinal_position":13,"source":"MITRE","tactic_attack_id":"TA0010","owner_name":null,"techniques":[{"id":"75a24f6d-48bd-4ca0-9b8b-45f876f5cd0f","name":"Exfiltration Over C2 Channel","source":"Mobile","technique_attack_id":"T1646","technique_id":"c40d55c2-fe54-5341-856b-d59f4f3703ef","owner_id":null},{"id":"ee8d2c86-40a0-400a-a18b-b471e5cbc149","name":"Exfiltration Over Unencrypted Non-C2 Protocol","source":"Mobile","technique_attack_id":"T1639.001","technique_id":"b4c8febd-141a-5260-8a87-25a87a3836dc","owner_id":null},{"id":"e4e7b3dc-4740-4996-9956-0dcd3f9ea406","name":"Exfiltration Over Alternative Protocol","source":"Mobile","technique_attack_id":"T1639","technique_id":"c035ba5e-280c-5d90-b5d6-9121c78d3f85","owner_id":null},{"id":"60081081-b065-4428-9de9-7593f58acaac","name":"Exfiltration Over Web Service","source":"MITRE","technique_attack_id":"T1567","technique_id":"66768217-acdd-4b52-902f-e29483630ad6","owner_id":null},{"id":"665133d5-e92c-41ba-8eab-9b270f68eb0e","name":"Scheduled Transfer","source":"MITRE","technique_attack_id":"T1029","technique_id":"ea0557cd-94bc-48cf-9c3b-293c40986464","owner_id":null},{"id":"e38b5556-3ada-49ed-b4f3-dad200f9c1aa","name":"Exfiltration Over Other Network Medium","source":"MITRE","technique_attack_id":"T1011","technique_id":"d8541e2d-6bdd-4ec0-95c4-c0f657502d5f","owner_id":null},{"id":"b649a6ec-391c-4522-a01f-14a9d695ece3","name":"Exfiltration Over Bluetooth","source":"MITRE","technique_attack_id":"T1011.001","technique_id":"38cfe608-a7e3-4e4f-9e2d-6a6ab14946f9","owner_id":null},{"id":"c7daa44d-ee80-4380-af87-3dc9e8a0e117","name":"Automated Exfiltration","source":"MITRE","technique_attack_id":"T1020","technique_id":"26abc19f-5968-45f1-aa1f-f35863a2f804","owner_id":null},{"id":"02034558-83ef-4d75-bba6-bf769be446d7","name":"Exfiltration Over Symmetric Encrypted Non-C2 Protocol","source":"MITRE","technique_attack_id":"T1048.001","technique_id":"848e3552-e89d-4981-a5a5-eaf610e6eb37","owner_id":null},{"id":"8f5e6d66-fe99-4656-9470-8992901dea70","name":"Traffic Duplication","source":"MITRE","technique_attack_id":"T1020.001","technique_id":"c2fc2776-e674-46ff-8b8d-ecc90b8b1c26","owner_id":null},{"id":"2105710a-d787-45b4-8e78-6f859d106b4d","name":"Exfiltration to Code Repository","source":"MITRE","technique_attack_id":"T1567.001","technique_id":"c4a8902a-bb87-4be2-bbaf-c40c9ebcbae1","owner_id":null},{"id":"407bbe64-d606-4847-b087-65c8712b20ed","name":"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol","source":"MITRE","technique_attack_id":"T1048.002","technique_id":"b27b273b-77e7-4243-8b48-a735857c0708","owner_id":null},{"id":"b9d3ba37-7a38-4b51-a14b-8641a00c091a","name":"Exfiltration Over C2 Channel","source":"MITRE","technique_attack_id":"T1041","technique_id":"89203cae-d3f1-4eef-9b5a-29042eb05d19","owner_id":null},{"id":"e3b33a94-7c8e-4585-9a1c-17881d4b0eeb","name":"Exfiltration Over Alternative Protocol","source":"MITRE","technique_attack_id":"T1048","technique_id":"192d25ea-bae1-48e4-88de-e0acd481ab88","owner_id":null},{"id":"bddb3e06-f429-4b97-bfca-4e15a69c85be","name":"Exfiltration over USB","source":"MITRE","technique_attack_id":"T1052.001","technique_id":"f424dade-21f3-4269-9940-ce64d93b97c4","owner_id":null},{"id":"a327f88f-cf5c-4d29-b085-37b231f7a6e0","name":"Exfiltration to Cloud Storage","source":"MITRE","technique_attack_id":"T1567.002","technique_id":"ce886c55-17ab-4c1c-90dc-3aa93e69bdb4","owner_id":null},{"id":"a2a00615-dd59-42e9-8807-4db370188251","name":"Data Transfer Size Limits","source":"MITRE","technique_attack_id":"T1030","technique_id":"dc98c882-8fba-4a10-bc6f-43088edb87af","owner_id":null},{"id":"e78aa93c-5e4c-4982-9800-0068f0455f50","name":"Transfer Data to Cloud Account","source":"MITRE","technique_attack_id":"T1537","technique_id":"ab4f22d6-465f-4a16-8a40-693f2234c4ac","owner_id":null},{"id":"bc018cf6-3c0d-4523-a29e-0715dc6e2e26","name":"Exfiltration Over Physical Medium","source":"MITRE","technique_attack_id":"T1052","technique_id":"36e0e8c0-ed8c-42b5-8bbf-b7cb322bc26f","owner_id":null},{"id":"d3733ce1-895b-4c2b-b0d2-05ee79aab368","name":"Exfiltration Over Unencrypted Non-C2 Protocol","source":"MITRE","technique_attack_id":"T1048.003","technique_id":"27041aa4-13e7-4d84-b1c7-02047beb5534","owner_id":null},{"id":"b1a7a1d7-18c8-5baa-aec1-5540433c2c5a","name":"Exfiltration Over Webhook","source":"MITRE","technique_attack_id":"T1567.004","technique_id":"4c34fe8b-ea13-55f9-9a2f-5948e2a2ecca","owner_id":null},{"id":"3ebab26c-7912-56c5-ad29-77641feecc2c","name":"Exfiltration to Text Storage Sites","source":"MITRE","technique_attack_id":"T1567.003","technique_id":"8b6743e7-e856-5772-8b38-2c002602b365","owner_id":null}],"tags":[],"tidal_id":"fdc46430-b6ae-54d7-9415-ee49f6e08dd4","matrices":["eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"52c0edbc-ce4d-429a-b1d5-720403e0172f","name":"Impact","description":"The adversary is trying to manipulate, interrupt, or destroy your systems and data.\n \nImpact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.","ordinal_position":14,"source":"MITRE","tactic_attack_id":"TA0040","owner_name":null,"techniques":[{"id":"6239380f-1f1a-4064-a566-f1ced8cbe5a2","name":"Call Control","source":"Mobile","technique_attack_id":"T1616","technique_id":"017daf49-59d2-5593-b97f-8d3602d42c66","owner_id":null},{"id":"144d4191-fa0d-4a70-b765-aa1b19124061","name":"Transmitted Data Manipulation","source":"Mobile","technique_attack_id":"T1641.001","technique_id":"b1c13114-85f6-5af2-9282-cce7dce982b8","owner_id":null},{"id":"6ef4ad43-6bed-4100-ad78-28127f54a2dd","name":"Data Destruction","source":"Mobile","technique_attack_id":"T1662","technique_id":"02af6838-a4df-5601-aa38-4f7bc5623edb","owner_id":null},{"id":"d2f6c4fe-6093-46ee-8d4d-80f67d02e1ba","name":"Generate Traffic from Victim","source":"Mobile","technique_attack_id":"T1643","technique_id":"1d570880-0fa7-5c1b-b80a-b7f0ef5eba7d","owner_id":null},{"id":"9e034ee4-6f61-4cf6-b6f3-65aa5ad04136","name":"SMS Control","source":"Mobile","technique_attack_id":"T1582","technique_id":"6e2040c2-9d5d-57f3-8372-63361f6aa114","owner_id":null},{"id":"5daf4035-b0b4-4621-b0fe-cd9a9ecb09d4","name":"Data Manipulation","source":"Mobile","technique_attack_id":"T1641","technique_id":"a7f19c46-2894-5a97-9ec5-04e5c61d0e6b","owner_id":null},{"id":"f87088e5-93a1-42fe-a7a9-e866e8a8f2c1","name":"Input Injection","source":"Mobile","technique_attack_id":"T1516","technique_id":"98787c96-3862-5311-986f-61916cc47fc7","owner_id":null},{"id":"29486fc7-c644-4faf-81f6-e55128473a1b","name":"Network Denial of Service","source":"Mobile","technique_attack_id":"T1464","technique_id":"3034feda-598e-536e-8fc4-01d7007d1801","owner_id":null},{"id":"666afc39-df37-40be-b584-06a25189186f","name":"Data Encrypted for Impact","source":"Mobile","technique_attack_id":"T1471","technique_id":"8797c02e-efc8-57bb-9590-d72317092f8a","owner_id":null},{"id":"ae959486-582f-4b5a-b82a-20e6abec51bc","name":"Account Access Removal","source":"Mobile","technique_attack_id":"T1640","technique_id":"b6215a12-9cb1-55ac-82ff-dd8109019313","owner_id":null},{"id":"1c9fbaec-08ad-4c87-b312-7a222afd1753","name":"Endpoint Denial of Service","source":"Mobile","technique_attack_id":"T1642","technique_id":"540e6472-3223-51e0-b667-163270faee99","owner_id":null},{"id":"cbc02d99-c370-4a6f-807c-6809bb4358eb","name":"Loss of View","source":"ICS","technique_attack_id":"T0829","technique_id":"a03597c4-2fc1-58b5-81c0-1385a214202a","owner_id":null},{"id":"1c836d42-6bc4-426d-8d07-3e606b63daf5","name":"Manipulation of Control","source":"ICS","technique_attack_id":"T0831","technique_id":"a674bd61-bba7-595c-97ef-6c9456ed1864","owner_id":null},{"id":"386ee70e-2d66-40d5-9f51-113360c0523f","name":"Loss of Protection","source":"ICS","technique_attack_id":"T0837","technique_id":"1f5bf8dd-8791-5290-80bc-1314016e90af","owner_id":null},{"id":"0952edc1-02c6-4861-a53a-65be820880be","name":"Manipulation of View","source":"ICS","technique_attack_id":"T0832","technique_id":"7545315d-7a2c-5bd5-ac20-9c7a3bfa9246","owner_id":null},{"id":"ac4497fe-9915-4662-ae4b-d84c7579f80d","name":"Denial of View","source":"ICS","technique_attack_id":"T0815","technique_id":"20c4965e-348b-5812-80aa-bfc6cfe879a9","owner_id":null},{"id":"0ce96a3c-4f37-4242-b53e-0d3e9215cec2","name":"Loss of Safety","source":"ICS","technique_attack_id":"T0880","technique_id":"2e2eaed3-1a83-515a-af3a-a4839fef4f89","owner_id":null},{"id":"223fc206-7af4-4047-b570-eb42d297a1bc","name":"Loss of Productivity and Revenue","source":"ICS","technique_attack_id":"T0828","technique_id":"98b45650-5756-5040-aa07-e7cebf6c8805","owner_id":null},{"id":"84e8781b-0e76-4dfa-b7e1-eb51add2cfcc","name":"Damage to Property","source":"ICS","technique_attack_id":"T0879","technique_id":"e92140c0-f2b2-5632-9aec-f87890cd60b9","owner_id":null},{"id":"923c0ef5-e9f3-40fa-bc5f-6b7a8d0b61f7","name":"Loss of Control","source":"ICS","technique_attack_id":"T0827","technique_id":"1ed84039-83ca-5d9a-8cc4-e08475a32173","owner_id":null},{"id":"d902e3ff-687f-4215-a849-19aaa26d485b","name":"Loss of Availability","source":"ICS","technique_attack_id":"T0826","technique_id":"cd8d669c-e09e-5f7e-addc-43ec1ad8df19","owner_id":null},{"id":"859fa0dd-3cea-46f5-bd64-629ec5a0bf83","name":"Theft of Operational Information","source":"ICS","technique_attack_id":"T0882","technique_id":"0002398f-9ef0-5df9-8f75-d502853ee321","owner_id":null},{"id":"6144ebd1-4930-4247-adb5-137947255cb8","name":"Denial of Control","source":"ICS","technique_attack_id":"T0813","technique_id":"7c2c91ba-9f8b-5c2d-a595-25301517e835","owner_id":null},{"id":"55d0ad1b-9322-4b54-9e72-8f6699abea61","name":"Data Manipulation","source":"MITRE","technique_attack_id":"T1565","technique_id":"b77f03e8-f7d0-4d0f-8b79-4642d0fe2709","owner_id":null},{"id":"1b6101c4-4200-4c22-b6ed-bb0de87a9dda","name":"Account Access Removal","source":"MITRE","technique_attack_id":"T1531","technique_id":"847fcc8a-e74d-41e2-9f05-8d79d990cc04","owner_id":null},{"id":"ba456b40-98f5-471d-9c04-a9bc3bc9ce05","name":"Data Encrypted for Impact","source":"MITRE","technique_attack_id":"T1486","technique_id":"f0c36d24-263c-4811-8784-f716c77ec6b3","owner_id":null},{"id":"ff5a3de5-e203-42a8-9b2a-eba5ea73790c","name":"Endpoint Denial of Service","source":"MITRE","technique_attack_id":"T1499","technique_id":"8b0caea0-602e-4117-8322-b125150f5c2a","owner_id":null},{"id":"45262fd4-743d-4ee3-8253-a00f26656a2f","name":"Resource Hijacking","source":"MITRE","technique_attack_id":"T1496","technique_id":"d10c4a15-aeaa-4630-a7a3-3373c89a584f","owner_id":null},{"id":"15960a22-7480-405b-af66-69652d45a4df","name":"Transmitted Data Manipulation","source":"MITRE","technique_attack_id":"T1565.002","technique_id":"70365fab-8531-4a0e-b147-7cabdfdef243","owner_id":null},{"id":"daaf0a65-ed1f-49c9-963b-99559a4e3d33","name":"Data Destruction","source":"MITRE","technique_attack_id":"T1485","technique_id":"e5016c2b-85fe-4e6b-917d-0dd5b441cc34","owner_id":null},{"id":"6cf892f3-420d-4eed-9923-8c1a588e72ea","name":"Network Denial of Service","source":"MITRE","technique_attack_id":"T1498","technique_id":"e6c14a7b-1fb8-4557-83e7-7f5b89717311","owner_id":null},{"id":"fc74c890-9365-42c3-9224-c968ce024f07","name":"Firmware Corruption","source":"MITRE","technique_attack_id":"T1495","technique_id":"559c647a-7759-4943-856d-dc717b5a443e","owner_id":null},{"id":"2b295cec-abfc-4175-9e2c-c9a28dafe121","name":"Inhibit System Recovery","source":"MITRE","technique_attack_id":"T1490","technique_id":"d207c03b-fbe7-420e-a053-339f4650c043","owner_id":null},{"id":"97cd0a09-cb9a-494e-ae6c-4c785b64a77a","name":"Disk Content Wipe","source":"MITRE","technique_attack_id":"T1561.001","technique_id":"761fa7fa-d7e1-4796-85b3-5cd37d55dffa","owner_id":null},{"id":"c985473a-f5dd-4de4-9ef3-753cf50c7389","name":"System Shutdown/Reboot","source":"MITRE","technique_attack_id":"T1529","technique_id":"24787dca-6afd-4ab3-ab6c-32e9486ec418","owner_id":null},{"id":"70758be0-3d9b-533a-84f5-a4ab182273e6","name":"Lifecycle-Triggered Deletion","source":"MITRE","technique_attack_id":"T1485.001","technique_id":"4a4a4fc9-88bc-500e-ae0e-db0d5f1f5503","owner_id":null},{"id":"77fa1511-13e6-5f13-8adb-60f0c7241f3c","name":"SMS Pumping","source":"MITRE","technique_attack_id":"T1496.003","technique_id":"7683b3ab-64c0-539a-8c37-d5fa4cb6b2a8","owner_id":null},{"id":"48ca8c95-297a-59fa-a888-f1288818ca7f","name":"Bandwidth Hijacking","source":"MITRE","technique_attack_id":"T1496.002","technique_id":"99360c91-8f86-544f-8689-494ad62c1890","owner_id":null},{"id":"d0a56007-fec1-5745-9d7a-a9b757d684eb","name":"Cloud Service Hijacking","source":"MITRE","technique_attack_id":"T1496.004","technique_id":"1471c62a-d480-5234-801d-ac228fd7a31c","owner_id":null},{"id":"80351b87-39d2-5cb2-bcb5-afe1d8cafdb8","name":"Compute Hijacking","source":"MITRE","technique_attack_id":"T1496.001","technique_id":"c7e3f0b5-f25e-5a99-9831-f8fd21ee3d22","owner_id":null},{"id":"005735ca-92ad-4c55-b9e2-93088b0dc222","name":"Disk Structure Wipe","source":"MITRE","technique_attack_id":"T1561.002","technique_id":"14a944d3-ab95-40d8-b069-ccc4824ef46d","owner_id":null},{"id":"8cc231dc-faad-49e5-bf88-7286bb429d2c","name":"Direct Network Flood","source":"MITRE","technique_attack_id":"T1498.001","technique_id":"66657af9-83f7-4a54-b41b-301bfcdae866","owner_id":null},{"id":"0c370b55-a0e5-4ef7-a0b9-3dea6e78e551","name":"External Defacement","source":"MITRE","technique_attack_id":"T1491.002","technique_id":"26db57d5-ce6f-4487-a8a8-b4af1c4b6406","owner_id":null},{"id":"93b9ab72-4187-44c4-85ae-466776f3b07b","name":"OS Exhaustion Flood","source":"MITRE","technique_attack_id":"T1499.001","technique_id":"b05b5092-60f8-4324-aee3-7522753439ac","owner_id":null},{"id":"19bc5197-bc02-4a28-ad3f-79809f7a9eb6","name":"Application Exhaustion Flood","source":"MITRE","technique_attack_id":"T1499.003","technique_id":"49ef3482-7b75-4097-b9a6-6c9cb99d865c","owner_id":null},{"id":"f8862a58-177a-4378-b480-cfdff902ea51","name":"Disk Wipe","source":"MITRE","technique_attack_id":"T1561","technique_id":"ea2b3980-05fd-41a3-8ab9-3106e833c821","owner_id":null},{"id":"50bf2044-cf83-4719-a16d-bc55de43cb53","name":"Stored Data Manipulation","source":"MITRE","technique_attack_id":"T1565.001","technique_id":"d693ca8a-dacf-439e-a16b-5f6b3406a21d","owner_id":null},{"id":"e5062b99-fb9d-479b-8600-7295c702e497","name":"Service Stop","source":"MITRE","technique_attack_id":"T1489","technique_id":"e27c5756-f43e-424f-af62-b21e8b304e5d","owner_id":null},{"id":"7061364b-b4b1-4301-9e3b-56322ca6f7fb","name":"Application or System Exploitation","source":"MITRE","technique_attack_id":"T1499.004","technique_id":"2109de05-5b45-4519-94a2-6c04f7d88286","owner_id":null},{"id":"d0341487-d503-4ede-bdba-2c9afaa8e5b6","name":"Runtime Data Manipulation","source":"MITRE","technique_attack_id":"T1565.003","technique_id":"3ec6bb34-4134-40c3-8b67-c0aeceae4471","owner_id":null},{"id":"4b05b4c9-e941-419c-afd4-4e838cddc919","name":"Reflection Amplification","source":"MITRE","technique_attack_id":"T1498.002","technique_id":"66cf4803-aec1-4396-afc1-28bc27dd8b2c","owner_id":null},{"id":"31ff98cb-b266-46d6-8693-f59f86f92db9","name":"Service Exhaustion Flood","source":"MITRE","technique_attack_id":"T1499.002","technique_id":"03619027-8a54-4cb2-8f1d-38d476edbdd8","owner_id":null},{"id":"d3c79690-fd58-421c-915b-9b1f4003ca13","name":"Defacement","source":"MITRE","technique_attack_id":"T1491","technique_id":"9a21c7c7-cf8e-4f05-b196-86ec39653e3b","owner_id":null},{"id":"52c12deb-44c3-4671-b757-618a4ca4bb93","name":"Internal Defacement","source":"MITRE","technique_attack_id":"T1491.001","technique_id":"546a3318-0e03-4b22-95f5-c02ff69a4ebf","owner_id":null},{"id":"3b756124-ab76-5299-895d-cf570eb0a488","name":"Email Bombing","source":"MITRE","technique_attack_id":"T1667","technique_id":"bda97b6f-6465-5f17-81a9-8641d08ff1c0","owner_id":null},{"id":"1af066df-3029-506d-8bb4-2d20de8585e2","name":"Financial Theft","source":"MITRE","technique_attack_id":"T1657","technique_id":"b9c9fd13-c10c-5e78-aeeb-ac18dc0605f9","owner_id":null}],"tags":[],"tidal_id":"41a50f93-2109-527c-816b-99b22cbe1e73","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3","eb526fa4-3108-46a7-9494-91cade94b1eb","40dc7e2b-09db-58cd-9f1f-3e5b29d1ea95"]},{"id":"b1017f61-95ac-51e4-836b-1ad54a2cd220","name":"Inhibit Response Function","description":"The adversary is trying to prevent your safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state.\n\nInhibit Response Function consists of techniques that adversaries use to hinder the safeguards put in place for processes and products. This may involve the inhibition of safety, protection, quality assurance, or operator intervention functions to disrupt safeguards that aim to prevent the loss of life, destruction of equipment, and disruption of production. These techniques aim to actively deter and prevent expected alarms and responses that arise due to statuses in the ICS environment. Adversaries may modify or update system logic, or even outright prevent responses with a denial-of-service. They may result in the prevention, destruction, manipulation, or modification of programs, logic, devices, and communications. As prevention functions are generally dormant, reporting and processing functions can appear fine, but may have been altered to prevent failure responses in dangerous scenarios. Unlike [Evasion](https://app.tidalcyber.com/tactics/8e29c6c9-0c10-4bb0-827d-ff0ab8922726), Inhibit Response Function techniques may be more intrusive, such as actively preventing responses to a known dangerous scenario. Adversaries may use these techniques to follow through with or provide cover for [Impact](https://app.tidalcyber.com/tactics/52c0edbc-ce4d-429a-b1d5-720403e0172f) techniques.","ordinal_position":15,"source":"ICS","tactic_attack_id":"TA0107","owner_name":null,"techniques":[{"id":"f376249b-3db0-4bf3-a236-9d784c69bf0d","name":"Block Command Message","source":"ICS","technique_attack_id":"T0803","technique_id":"e2aa0b82-b6ce-5f9d-a4df-ce2dc71bca0e","owner_id":null},{"id":"ddd1950f-dfb2-4025-9233-aa608dfb7e21","name":"Service Stop","source":"ICS","technique_attack_id":"T0881","technique_id":"bfc12e18-1f37-585a-8206-e9b51b109a15","owner_id":null},{"id":"f2d38e88-63a4-466a-9e8d-809c9be8273b","name":"Activate Firmware Update Mode","source":"ICS","technique_attack_id":"T0800","technique_id":"0ad6ca0e-40de-55e4-824a-5e1880feb0e9","owner_id":null},{"id":"271b18a9-e296-4dc0-bc9c-408f7f28667a","name":"Denial of Service","source":"ICS","technique_attack_id":"T0814","technique_id":"43ec8867-9832-5e43-bdcf-dcd0517faa36","owner_id":null},{"id":"e3b20b81-0e7e-4f4c-82df-aa61bfcf9339","name":"Block Serial COM","source":"ICS","technique_attack_id":"T0805","technique_id":"97372254-b895-5370-8b19-2dfeb8215a86","owner_id":null},{"id":"bc174409-948c-406b-9772-ebfb7a3f84f1","name":"Device Restart/Shutdown","source":"ICS","technique_attack_id":"T0816","technique_id":"0cffd036-af11-52ed-9173-0f78729f41cf","owner_id":null},{"id":"214f4ace-79bd-4cbc-b0f6-356bad744b61","name":"Alarm Suppression","source":"ICS","technique_attack_id":"T0878","technique_id":"efaf92bb-2351-5ede-8cc0-5bef3e49fcbb","owner_id":null},{"id":"da552950-46c3-4cf9-8047-d4fc54241d17","name":"Manipulate I/O Image","source":"ICS","technique_attack_id":"T0835","technique_id":"9f531f2a-3d74-57ca-89b8-216a7f323f64","owner_id":null},{"id":"64709993-a9d0-4cb5-970c-16a5e0e4dca3","name":"Rootkit","source":"ICS","technique_attack_id":"T0851","technique_id":"e6bf7b96-7e00-5428-ad50-2a077b796fa2","owner_id":null},{"id":"dd3e01ba-c8af-4a2b-9570-749e71fcd998","name":"Block Reporting Message","source":"ICS","technique_attack_id":"T0804","technique_id":"1ac37872-fd5a-5713-b877-0293aea9953d","owner_id":null},{"id":"15d36c58-8638-41a3-a3e6-c8fa77c3cd9a","name":"Data Destruction","source":"ICS","technique_attack_id":"T0809","technique_id":"3ce0f0b0-1b8e-5a14-a51c-159943d7de74","owner_id":null},{"id":"b02ff03d-3536-4077-b870-f2986a0eaf76","name":"System Firmware","source":"ICS","technique_attack_id":"T0857","technique_id":"9fe35da4-07ec-5e26-b288-59c50dc55ef3","owner_id":null},{"id":"2c22081c-97ac-4a87-b864-e94f65b3b349","name":"Modify Alarm Settings","source":"ICS","technique_attack_id":"T0838","technique_id":"d6d709a0-1463-5f86-b002-a1f3da72909d","owner_id":null},{"id":"f77e6574-515b-4b00-92e1-74942da4afd8","name":"Change Credential","source":"ICS","technique_attack_id":"T0892","technique_id":"11625523-816a-5b1b-bbee-57559c5e60c2","owner_id":null}],"tags":[],"tidal_id":"b1017f61-95ac-51e4-836b-1ad54a2cd220","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3"]},{"id":"946090c5-60fb-5508-9458-1dcf82feef9f","name":"Impair Process Control","description":"The adversary is trying to manipulate, disable, or damage physical control processes.\n\nImpair Process Control consists of techniques that adversaries use to disrupt control logic and cause determinantal effects to processes being controlled in the target environment. Targets of interest may include active procedures or parameters that manipulate the physical environment. These techniques can also include prevention or manipulation of reporting elements and control logic. If an adversary has modified process functionality, then they may also obfuscate the results, which are often self-revealing in their impact on the outcome of a product or the environment. The direct physical control these techniques exert may also threaten the safety of operators and downstream users, which can prompt response mechanisms. Adversaries may follow up with or use [Inhibit Response Function](https://app.tidalcyber.com/tactics/b1017f61-95ac-51e4-836b-1ad54a2cd220) techniques in tandem, to assist with the successful abuse of control processes to result in [Impact](https://app.tidalcyber.com/tactics/52c0edbc-ce4d-429a-b1d5-720403e0172f).","ordinal_position":16,"source":"ICS","tactic_attack_id":"TA0106","owner_name":null,"techniques":[{"id":"c91fda2d-8a22-4c86-b35f-dd394a8005bd","name":"Modify Parameter","source":"ICS","technique_attack_id":"T0836","technique_id":"bb40e381-5268-5ab8-9303-e61f0ef33e42","owner_id":null},{"id":"eee73568-abdd-4ad4-8016-9e751e969acf","name":"Unauthorized Command Message","source":"ICS","technique_attack_id":"T0855","technique_id":"b840bd40-a468-525c-83a7-4dbc5a8f5626","owner_id":null},{"id":"efb9ed2d-d30d-409e-b249-1729383db3cf","name":"Spoof Reporting Message","source":"ICS","technique_attack_id":"T0856","technique_id":"03dd6fa1-a50f-5f84-848a-0eba52aa0eca","owner_id":null},{"id":"640666bf-3568-42c9-ba56-f586ca2454eb","name":"Brute Force I/O","source":"ICS","technique_attack_id":"T0806","technique_id":"492d7044-ede3-5e17-b156-f0ce9893dff6","owner_id":null},{"id":"85b4b24c-105b-468c-b8b6-0b6289956721","name":"Module Firmware","source":"ICS","technique_attack_id":"T0839","technique_id":"d04f6ff7-8561-57e6-a8fa-2a1fce9a650f","owner_id":null}],"tags":[],"tidal_id":"946090c5-60fb-5508-9458-1dcf82feef9f","matrices":["5e22991b-89e1-5fe0-8883-53197a2e5ef3"]}]}