urlscan.io public scan of mitre-attack.github.io (2606:50c0:8003::153)

Submitted URL: https://bit.ly/3koitXj
Effective URL: https://mitre-attack.github.io/attack-navigator/
Submission: June 23, manual, from SA; scanned from DE
Form analysis: 0 forms found in the DOM

The shortened bit.ly link resolved to the ATT&CK Navigator on its own GitHub Pages host (mitre-attack.github.io), not to a look-alike domain. The text content captured below is the Navigator's enterprise matrix with the layer "Exabeam MITRE Map" open.

Layer: Exabeam MITRE Map

Tactic overview (enterprise matrix as rendered by the Navigator):

  ID      Tactic                  Techniques
  TA0043  Reconnaissance          10
  TA0042  Resource Development    7
  TA0001  Initial Access          9
  TA0002  Execution               12
  TA0003  Persistence             19
  TA0004  Privilege Escalation    13
  TA0005  Defense Evasion         42
  TA0006  Credential Access       16
  TA0007  Discovery               30
  TA0008  Lateral Movement        9
  TA0009  Collection              17
  TA0011  Command and Control     16
  TA0010  Exfiltration            9
  TA0040  Impact                  13

Techniques per tactic follow. A number in parentheses after a technique is its sub-technique count (the Navigator rendered these as 0/N); the sub-techniques are listed after the colon.

Reconnaissance (TA0043): 10 techniques (sub-technique counts in parentheses)
  Active Scanning (3): Scanning IP Blocks; Vulnerability Scanning; Wordlist Scanning
  Gather Victim Host Information (4): Client Configurations; Firmware; Hardware; Software
  Gather Victim Identity Information (3): Credentials; Email Addresses; Employee Names
  Gather Victim Network Information (6): DNS; Domain Properties; IP Addresses; Network Security Appliances; Network Topology; Network Trust Dependencies
  Gather Victim Org Information (4): Business Relationships; Determine Physical Locations; Identify Business Tempo; Identify Roles
  Phishing for Information (3): Spearphishing Attachment; Spearphishing Link; Spearphishing Service
  Search Closed Sources (2): Purchase Technical Data; Threat Intel Vendors
  Search Open Technical Databases (5): CDNs; Digital Certificates; DNS/Passive DNS; Scan Databases; WHOIS
  Search Open Websites/Domains (2): Search Engines; Social Media
  Search Victim-Owned Websites

Resource Development (TA0042): 7 techniques (sub-technique counts in parentheses)
  Acquire Infrastructure (6): Botnet; DNS Server; Domains; Server; Virtual Private Server; Web Services
  Compromise Accounts (2): Email Accounts; Social Media Accounts
  Compromise Infrastructure (6): Botnet; DNS Server; Domains; Server; Virtual Private Server; Web Services
  Develop Capabilities (4): Code Signing Certificates; Digital Certificates; Exploits; Malware
  Establish Accounts (2): Email Accounts; Social Media Accounts
  Obtain Capabilities (6): Code Signing Certificates; Digital Certificates; Exploits; Malware; Tool; Vulnerabilities
  Stage Capabilities (5): Drive-by Target; Install Digital Certificate; Link Target; Upload Malware; Upload Tool

Initial Access (TA0001): 9 techniques (sub-technique counts in parentheses)
  Drive-by Compromise
  Exploit Public-Facing Application
  External Remote Services
  Hardware Additions
  Phishing (3): Spearphishing Attachment; Spearphishing Link; Spearphishing via Service
  Replication Through Removable Media
  Supply Chain Compromise (3): Compromise Hardware Supply Chain; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
  Trusted Relationship
  Valid Accounts (4): Cloud Accounts; Default Accounts; Domain Accounts; Local Accounts

Execution (TA0002): 12 techniques (sub-technique counts in parentheses)
  Command and Scripting Interpreter (8): AppleScript; JavaScript; Network Device CLI; PowerShell; Python; Unix Shell; Visual Basic; Windows Command Shell
  Container Administration Command
  Deploy Container
  Exploitation for Client Execution
  Inter-Process Communication (3): Component Object Model; Dynamic Data Exchange; XPC Services
  Native API
  Scheduled Task/Job (5): At; Container Orchestration Job; Cron; Scheduled Task; Systemd Timers
  Shared Modules
  Software Deployment Tools
  System Services (2): Launchctl; Service Execution
  User Execution (3): Malicious File; Malicious Image; Malicious Link
  Windows Management Instrumentation

Persistence (TA0003): 19 techniques (sub-technique counts in parentheses)
  Account Manipulation (5): Additional Cloud Credentials; Additional Cloud Roles; Additional Email Delegate Permissions; Device Registration; SSH Authorized Keys
  BITS Jobs
  Boot or Logon Autostart Execution (14): Active Setup; Authentication Package; Kernel Modules and Extensions; Login Items; LSASS Driver; Port Monitors; Print Processors; Re-opened Applications; Registry Run Keys / Startup Folder; Security Support Provider; Shortcut Modification; Time Providers; Winlogon Helper DLL; XDG Autostart Entries
  Boot or Logon Initialization Scripts (5): Login Hook; Logon Script (Windows); Network Logon Script; RC Scripts; Startup Items
  Browser Extensions
  Compromise Client Software Binary
  Create Account (3): Cloud Account; Domain Account; Local Account
  Create or Modify System Process (4): Launch Agent; Launch Daemon; Systemd Service; Windows Service
  Event Triggered Execution (15): Accessibility Features; AppCert DLLs; AppInit DLLs; Application Shimming; Change Default File Association; Component Object Model Hijacking; Emond; Image File Execution Options Injection; LC_LOAD_DYLIB Addition; Netsh Helper DLL; PowerShell Profile; Screensaver; Trap; Unix Shell Configuration Modification; Windows Management Instrumentation Event Subscription
  External Remote Services
  Hijack Execution Flow (12): COR_PROFILER; DLL Search Order Hijacking; DLL Side-Loading; Dylib Hijacking; Dynamic Linker Hijacking; Executable Installer File Permissions Weakness; KernelCallbackTable; Path Interception by PATH Environment Variable; Path Interception by Search Order Hijacking; Path Interception by Unquoted Path; Services File Permissions Weakness; Services Registry Permissions Weakness
  Implant Internal Image
  Modify Authentication Process (5): Domain Controller Authentication; Network Device Authentication; Password Filter DLL; Pluggable Authentication Modules; Reversible Encryption
  Office Application Startup (6): Add-ins; Office Template Macros; Office Test; Outlook Forms; Outlook Home Page; Outlook Rules
  Pre-OS Boot (5): Bootkit; Component Firmware; ROMMONkit; System Firmware; TFTP Boot
  Scheduled Task/Job (5): At; Container Orchestration Job; Cron; Scheduled Task; Systemd Timers
  Server Software Component (5): IIS Components; SQL Stored Procedures; Terminal Services DLL; Transport Agent; Web Shell
  Traffic Signaling (1): Port Knocking
  Valid Accounts (4): Cloud Accounts; Default Accounts; Domain Accounts; Local Accounts

Privilege Escalation (TA0004): 13 techniques (sub-technique counts in parentheses)
  Abuse Elevation Control Mechanism (4): Bypass User Account Control; Elevated Execution with Prompt; Setuid and Setgid; Sudo and Sudo Caching
  Access Token Manipulation (5): Create Process with Token; Make and Impersonate Token; Parent PID Spoofing; SID-History Injection; Token Impersonation/Theft
  Boot or Logon Autostart Execution (14, same sub-techniques as under Persistence)
  Boot or Logon Initialization Scripts (5, same sub-techniques as under Persistence)
  Create or Modify System Process (4): Launch Agent; Launch Daemon; Systemd Service; Windows Service
  Domain Policy Modification (2): Domain Trust Modification; Group Policy Modification
  Escape to Host
  Event Triggered Execution (15, same sub-techniques as under Persistence)
  Exploitation for Privilege Escalation
  Hijack Execution Flow (12, same sub-techniques as under Persistence)
  Process Injection (12): Asynchronous Procedure Call; Dynamic-link Library Injection; Extra Window Memory Injection; ListPlanting; Portable Executable Injection; Proc Memory; Process Doppelgänging; Process Hollowing; Ptrace System Calls; Thread Execution Hijacking; Thread Local Storage; VDSO Hijacking
  Scheduled Task/Job (5): At; Container Orchestration Job; Cron; Scheduled Task; Systemd Timers
  Valid Accounts (4): Cloud Accounts; Default Accounts; Domain Accounts; Local Accounts

Defense Evasion (TA0005): 42 techniques (sub-technique counts in parentheses)
  Abuse Elevation Control Mechanism (4): Bypass User Account Control; Elevated Execution with Prompt; Setuid and Setgid; Sudo and Sudo Caching
  Access Token Manipulation (5): Create Process with Token; Make and Impersonate Token; Parent PID Spoofing; SID-History Injection; Token Impersonation/Theft
  BITS Jobs
  Build Image on Host
  Debugger Evasion
  Deobfuscate/Decode Files or Information
  Deploy Container
  Direct Volume Access
  Domain Policy Modification (2): Domain Trust Modification; Group Policy Modification
  Execution Guardrails (1): Environmental Keying
  Exploitation for Defense Evasion
  File and Directory Permissions Modification (2): Linux and Mac File and Directory Permissions Modification; Windows File and Directory Permissions Modification
  Hide Artifacts (10): Email Hiding Rules; Hidden File System; Hidden Files and Directories; Hidden Users; Hidden Window; NTFS File Attributes; Process Argument Spoofing; Resource Forking; Run Virtual Instance; VBA Stomping
  Hijack Execution Flow (12, same sub-techniques as under Persistence)
  Impair Defenses (9): Disable Cloud Logs; Disable or Modify Cloud Firewall; Disable or Modify System Firewall; Disable or Modify Tools; Disable Windows Event Logging; Downgrade Attack; Impair Command History Logging; Indicator Blocking; Safe Mode Boot
  Indicator Removal on Host (6): Clear Command History; Clear Linux or Mac System Logs; Clear Windows Event Logs; File Deletion; Network Share Connection Removal; Timestomp
  Indirect Command Execution
  Masquerading (7): Double File Extension; Invalid Code Signature; Masquerade Task or Service; Match Legitimate Name or Location; Rename System Utilities; Right-to-Left Override; Space after Filename
  Modify Authentication Process (5): Domain Controller Authentication; Network Device Authentication; Password Filter DLL; Pluggable Authentication Modules; Reversible Encryption
  Modify Cloud Compute Infrastructure (4): Create Cloud Instance; Create Snapshot; Delete Cloud Instance; Revert Cloud Instance
  Modify Registry
  Modify System Image (2): Downgrade System Image; Patch System Image
  Network Boundary Bridging (1): Network Address Translation Traversal
  Obfuscated Files or Information (6): Binary Padding; Compile After Delivery; HTML Smuggling; Indicator Removal from Tools; Software Packing; Steganography
  Plist File Modification
  Pre-OS Boot (5): Bootkit; Component Firmware; ROMMONkit; System Firmware; TFTP Boot
  Process Injection (12, same sub-techniques as under Privilege Escalation)
  Reflective Code Loading
  Rogue Domain Controller
  Rootkit
  Subvert Trust Controls (6): Code Signing; Code Signing Policy Modification; Gatekeeper Bypass; Install Root Certificate; Mark-of-the-Web Bypass; SIP and Trust Provider Hijacking
  System Binary Proxy Execution (13): CMSTP; Compiled HTML File; Control Panel; InstallUtil; Mavinject; MMC; Mshta; Msiexec; Odbcconf; Regsvcs/Regasm; Regsvr32; Rundll32; Verclsid
  System Script Proxy Execution (1): PubPrn
  Template Injection
  Traffic Signaling (1): Port Knocking
  Trusted Developer Utilities Proxy Execution (1): MSBuild
  Unused/Unsupported Cloud Regions
  Use Alternate Authentication Material (4): Application Access Token; Pass the Hash; Pass the Ticket; Web Session Cookie
  Valid Accounts (4): Cloud Accounts; Default Accounts; Domain Accounts; Local Accounts
  Virtualization/Sandbox Evasion (3): System Checks; Time Based Evasion; User Activity Based Checks
  Weaken Encryption (2): Disable Crypto Hardware; Reduce Key Space
  XSL Script Processing

Credential Access (TA0006): 16 techniques (sub-technique counts in parentheses)
  Adversary-in-the-Middle (3): ARP Cache Poisoning; DHCP Spoofing; LLMNR/NBT-NS Poisoning and SMB Relay
  Brute Force (4): Credential Stuffing; Password Cracking; Password Guessing; Password Spraying
  Credentials from Password Stores (5): Credentials from Web Browsers; Keychain; Password Managers; Securityd Memory; Windows Credential Manager
  Exploitation for Credential Access
  Forced Authentication
  Forge Web Credentials (2): SAML Tokens; Web Cookies
  Input Capture (4): Credential API Hooking; GUI Input Capture; Keylogging; Web Portal Capture
  Modify Authentication Process (5): Domain Controller Authentication; Network Device Authentication; Password Filter DLL; Pluggable Authentication Modules; Reversible Encryption
  Multi-Factor Authentication Interception
  Multi-Factor Authentication Request Generation
  Network Sniffing
  OS Credential Dumping (8): /etc/passwd and /etc/shadow; Cached Domain Credentials; DCSync; LSA Secrets; LSASS Memory; NTDS; Proc Filesystem; Security Account Manager
  Steal Application Access Token
  Steal or Forge Kerberos Tickets (4): AS-REP Roasting; Golden Ticket; Kerberoasting; Silver Ticket
  Steal Web Session Cookie
  Unsecured Credentials (7): Bash History; Cloud Instance Metadata API; Container API; Credentials In Files; Credentials in Registry; Group Policy Preferences; Private Keys

Discovery (TA0007): 30 techniques (sub-technique counts in parentheses)
  Account Discovery (4): Cloud Account; Domain Account; Email Account; Local Account
  Application Window Discovery
  Browser Bookmark Discovery
  Cloud Infrastructure Discovery
  Cloud Service Dashboard
  Cloud Service Discovery
  Cloud Storage Object Discovery
  Container and Resource Discovery
  Debugger Evasion
  Domain Trust Discovery
  File and Directory Discovery
  Group Policy Discovery
  Network Service Discovery
  Network Share Discovery
  Network Sniffing
  Password Policy Discovery
  Peripheral Device Discovery
  Permission Groups Discovery (3): Cloud Groups; Domain Groups; Local Groups
  Process Discovery
  Query Registry
  Remote System Discovery
  Software Discovery (1): Security Software Discovery
  System Information Discovery
  System Location Discovery (1): System Language Discovery
  System Network Configuration Discovery (1): Internet Connection Discovery
  System Network Connections Discovery
  System Owner/User Discovery
  System Service Discovery
  System Time Discovery
  Virtualization/Sandbox Evasion (3): System Checks; Time Based Evasion; User Activity Based Checks

Lateral Movement (TA0008): 9 techniques (sub-technique counts in parentheses)
  Exploitation of Remote Services
  Internal Spearphishing
  Lateral Tool Transfer
  Remote Service Session Hijacking (2): RDP Hijacking; SSH Hijacking
  Remote Services (6): Distributed Component Object Model; Remote Desktop Protocol; SMB/Windows Admin Shares; SSH; VNC; Windows Remote Management
  Replication Through Removable Media
  Software Deployment Tools
  Taint Shared Content
  Use Alternate Authentication Material (4): Application Access Token; Pass the Hash; Pass the Ticket; Web Session Cookie

Collection (TA0009): 17 techniques (sub-technique counts in parentheses)
  Adversary-in-the-Middle (3): ARP Cache Poisoning; DHCP Spoofing; LLMNR/NBT-NS Poisoning and SMB Relay
  Archive Collected Data (3): Archive via Custom Method; Archive via Library; Archive via Utility
  Audio Capture
  Automated Collection
  Browser Session Hijacking
  Clipboard Data
  Data from Cloud Storage Object
  Data from Configuration Repository (2): Network Device Configuration Dump; SNMP (MIB Dump)
  Data from Information Repositories (3): Code Repositories; Confluence; Sharepoint
  Data from Local System
  Data from Network Shared Drive
  Data from Removable Media
  Data Staged (2): Local Data Staging; Remote Data Staging
  Email Collection (3): Email Forwarding Rule; Local Email Collection; Remote Email Collection
  Input Capture (4): Credential API Hooking; GUI Input Capture; Keylogging; Web Portal Capture
  Screen Capture
  Video Capture

Command and Control (TA0011): 16 techniques (sub-technique counts in parentheses)
  Application Layer Protocol (4): DNS; File Transfer Protocols; Mail Protocols; Web Protocols
  Communication Through Removable Media
  Data Encoding (2): Non-Standard Encoding; Standard Encoding
  Data Obfuscation (3): Junk Data; Protocol Impersonation; Steganography
  Dynamic Resolution (3): DNS Calculation; Domain Generation Algorithms; Fast Flux DNS
  Encrypted Channel (2): Asymmetric Cryptography; Symmetric Cryptography
  Fallback Channels
  Ingress Tool Transfer
  Multi-Stage Channels
  Non-Application Layer Protocol
  Non-Standard Port
  Protocol Tunneling
  Proxy (4): Domain Fronting; External Proxy; Internal Proxy; Multi-hop Proxy
  Remote Access Software
  Traffic Signaling (1): Port Knocking
  Web Service (3): Bidirectional Communication; Dead Drop Resolver; One-Way Communication

Exfiltration (TA0010): 9 techniques (sub-technique counts in parentheses)
  Automated Exfiltration (1): Traffic Duplication
  Data Transfer Size Limits
  Exfiltration Over Alternative Protocol (3): Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
  Exfiltration Over C2 Channel
  Exfiltration Over Other Network Medium (1): Exfiltration Over Bluetooth
  Exfiltration Over Physical Medium (1): Exfiltration over USB
  Exfiltration Over Web Service (2): Exfiltration to Cloud Storage; Exfiltration to Code Repository
  Scheduled Transfer
  Transfer Data to Cloud Account

Impact (TA0040): 13 techniques (sub-technique counts in parentheses)
  Account Access Removal
  Data Destruction
  Data Encrypted for Impact
  Data Manipulation (3): Runtime Data Manipulation; Stored Data Manipulation; Transmitted Data Manipulation
  Defacement (2): External Defacement; Internal Defacement
  Disk Wipe (2): Disk Content Wipe; Disk Structure Wipe
  Endpoint Denial of Service (4): Application Exhaustion Flood; Application or System Exploitation; OS Exhaustion Flood; Service Exhaustion Flood
  Firmware Corruption
  Inhibit System Recovery
  Network Denial of Service (2): Direct Network Flood; Reflection Amplification
  Resource Hijacking
  Service Stop
  System Shutdown/Reboot

Rendered by MITRE ATT&CK® Navigator v4.6.4.
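The layer this capture shows ("Exabeam MITRE Map") is the Navigator's working artifact: a JSON file that attaches scores, colours and comments to technique IDs, which the Navigator then paints onto the matrix above. The Python below is an added example, not code from the captured page, from Exabeam or from the Navigator project. It builds such a layer from a detection-rule-to-technique mapping so that the score of each technique is the number of rules that cover it. Assumptions not taken from the page: the layer-file field names and the "4.3" layer format version (the format Navigator 4.6.x writes), the sorting code 3 meaning "score, descending", the made-up rule names, and the enterprise technique IDs, which are the standard IDs for techniques named in the matrix (for example T1003.001 is OS Credential Dumping: LSASS Memory).

```python
"""Build an ATT&CK Navigator layer from a rule-to-technique mapping.

Added example; not code from the captured page, from Exabeam or from the
Navigator project. Field names follow the Navigator layer format, assumed
here to be layer format 4.3 as written by Navigator 4.6.x.
"""
import json
import re
from collections import Counter

# Enterprise technique IDs look like T1234 (technique) or T1234.001 (sub-technique).
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample data: the rule names are made up; the IDs are the real
# enterprise ATT&CK IDs of techniques shown in the matrix above.
SAMPLE_RULES = {
    "rule-lsass-handle-open": ["T1003.001"],              # OS Credential Dumping: LSASS Memory
    "rule-procdump-lsass": ["T1003.001"],
    "rule-powershell-encoded-cmd": ["T1059.001"],         # Command and Scripting Interpreter: PowerShell
    "rule-psexec-style-service": ["T1569.002", "T1543.003"],  # Service Execution; Windows Service
    "rule-impossible-travel-logon": ["T1078"],            # Valid Accounts
    "rule-office-macro-child-proc": ["T1566.001", "T1204.002"],  # Spearphishing Attachment; Malicious File
}


def technique_scores(rules):
    """Return {technique_id: number_of_rules}, rejecting malformed IDs."""
    scores = Counter()
    for rule, ids in rules.items():
        for tid in ids:
            if not TECHNIQUE_ID.match(tid):
                raise ValueError(f"{rule}: malformed technique ID {tid!r}")
            scores[tid] += 1
    return dict(scores)


def build_layer(name, rules, attack_version="11", navigator_version="4.6.4"):
    """Assemble the layer dict: score = rule count, scored sub-techniques shown expanded."""
    scores = technique_scores(rules)
    parents = {tid.split(".")[0] for tid in scores if "." in tid}
    techniques = []
    for tid in sorted(scores):
        techniques.append({
            "techniqueID": tid,
            "score": scores[tid],
            # Which rules produced the score, visible as the cell comment in the Navigator.
            "comment": ", ".join(sorted(r for r, ids in rules.items() if tid in ids)),
            "enabled": True,
            "showSubtechniques": tid in parents,
        })
    # Parent entries without a score of their own, so the matrix shows the
    # scored sub-techniques expanded instead of a collapsed parent cell.
    for parent in sorted(parents - set(scores)):
        techniques.append({"techniqueID": parent, "enabled": True, "showSubtechniques": True})
    return {
        "name": name,
        "versions": {"attack": attack_version, "navigator": navigator_version, "layer": "4.3"},
        "domain": "enterprise-attack",
        "description": "Detection coverage: score = number of rules mapped to the technique",
        "sorting": 3,  # assumed Navigator code for sorting techniques by score, descending
        "gradient": {
            "colors": ["#ffffff", "#66b1ff"],
            "minValue": 0,
            "maxValue": max(scores.values(), default=0),
        },
        "techniques": techniques,
    }


def layer_json(name, rules):
    """Serialised layer, ready for the Navigator's 'Open Existing Layer' upload."""
    return json.dumps(build_layer(name, rules), indent=2)


if __name__ == "__main__":
    print(layer_json("Detection coverage (constructed sample)", SAMPLE_RULES))
```

The gradient maximum is derived from the data rather than hard-coded, so a technique covered by the most rules always gets the strongest colour; a technique absent from the mapping gets no entry at all and renders uncoloured, which is the gap the layer is meant to make visible. The ID check is deliberately strict: a mistyped ID such as "T10" would otherwise be silently ignored by the Navigator and the coverage map would overstate what is detected.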