Technique Explorer

117 unique MITRE ATT&CK techniques across 143 adversary profiles

117
Unique Techniques
832
Total TTP Uses
14
Tactics Covered
143
Adversary Profiles
Kill-Chain Coverage
Reconnaissance
7
Resource Development
13
Initial Access
131
Execution
86
Persistence
97
Privilege Escalation
53
Defense Evasion
64
Credential Access
24
Discovery
20
Lateral Movement
26
Collection
65
Command and Control
75
Exfiltration
51
Impact
120
Most Prevalent Techniques
1T1078
Valid AccountsPersistence
64
2T1566.001
Spearphishing AttachmentInitial Access
52
3T1486
Data Encrypted for ImpactImpact
40
4T1190
Exploit Public-Facing ApplicationInitial Access
39
5T1071.001
Web ProtocolsCommand and Control
39
Coverage Heatmap

Each cell is one technique. Brightness = how many adversary groups use it. Click to open MITRE ATT&CK.

Privilege Escalation
RECONReconnaissance4 techniques
T1598
Phishing for Information
APT42The ComViLE
3×
T1598.003
Spearphishing Link
APT35Callisto Group
2×
T1591
Gather Victim Org Information
Callisto Group
1×
T1598.001
Spearphishing Service
UNC3944
1×
RESOURCEResource Development7 techniques
T1583.005
Botnet Infrastructure
Anonymous SudanIT Army of UkraineUserSecEmotet / MealybugSiegedSec
5×
T1585.001
Social Media Accounts
Callisto GroupBahamut
2×
T1583
Acquire Infrastructure
NoName057(16)Cyber Army of Russia Reborn
2×
T1584.004
Compromise Infrastructure: Server
Turla
1×
T1583.004
Server Infrastructure Acquisition
Salt Typhoon
1×
T1585.002
Email Accounts
UNC1151
1×
T1584
Compromise Infrastructure
NoName057(16)
1×
INIT ACCESSInitial Access13 techniques
T1566.001
Spearphishing Attachment
APT28APT1Lazarus GroupKimsukyAPT33APT34FIN7APT40Bronze ButlerMustang PandaGamaredonBitterSideWinderTransparent TribeTA413MuddyWaterAPT-C-36FIN8TA505TA558MoleratsEvilnumGorgon GroupMacheteCarbanakTrickBot / RyukEmotet / MealybugIcedID / BokbotTA2101APT31APT32APT37APT39Cadet BlizzardOnyx SleetMoonstone SleetEvil CorpBlack BastaAkiraRhysidaAPT12APT30NaikonKe3changTropic TrooperTonto TeamAoqin DragonDarkHydrusWIRTEEmber BearInceptionStealth Falcon
52×
T1190
Exploit Public-Facing Application
APT41REvilBlackCat / ALPHVAnonymousAPT10HafniumSalt TyphoonPredatory SparrowMoses StaffGhostSecGuacamayaYellow GarudaCl0pMagecartAquatic PandaEarth LuscaFlax TyphoonBerserk BearCyber Army of Russia RebornPioneer KittenPlayRansomHubLightBasinShinyHuntersAPT3APT27Earth EstriesGhostEmperorToddyCatVelvet AntCobalt MirageEmber BearRoyal / BlackSuitINC Ransom8BaseCactusHandalaSiegedSecKillSec
39×
T1566.002
Spearphishing Link
APT28APT29APT35Callisto GroupPatchworkOperation AuroraFIN4TortoiseshellBahamutUNC1151APT43BlueNoroffRoyal / BlackSuit
13×
T1133
External Remote Services
Volt TyphoonFlax TyphoonBerserk BearPioneer KittenAkiraLiminal PandaMedusa
7×
T1566.004
Spearphishing Voice
Scattered SpiderLapsus$UNC3944APT42The Com
5×
T1195.002
Compromise Software Supply Chain
APT29APT41UNC2452PROMETHIUM
4×
T1189
Drive-by Compromise
TortoiseshellAPT17APT19PROMETHIUM
4×
T1566.003
Spearphishing via Service
BazaLoaderJade Sleet
2×
T1200
Hardware Additions
Stuxnet Operators
1×
T1566
Phishing
APT42
1×
T1195.003
Compromise Hardware Supply Chain
BlackTech
1×
T1195
Supply Chain Compromise
Cadet Blizzard
1×
T1195.001
Compromise Software Dependencies and Development Tools
Jade Sleet
1×
EXECExecution8 techniques
T1059.001
PowerShell
APT28Lazarus GroupAPT33FIN7PatchworkMuddyWaterAPT-C-36FIN8TortoiseshellVice SocietyEmotet / MealybugAquatic PandaEarth LuscaJade SleetMoonstone SleetPioneer KittenPlayRhysidaAPT3APT19ToddyCatDarkHydrusCobalt MirageAPT43Stealth FalconQilinCactusBrain Cipher
28×
T1059.003
Windows Command Shell
APT41ContiAPT10Bronze ButlerTransparent TribeTA505HiveFIN6CarbanakTrickBot / RyukBazaLoaderAPT32APT37BlackTechCadet BlizzardOnyx SleetEvil CorpBlack BastaAPT12NaikonKe3chang
21×
T1204.002
Malicious File
Lazarus GroupAPT33Mustang PandaGamaredonBitterTA413TA505TA558MoleratsEvilnumGorgon GroupMacheteEmotet / MealybugIcedID / BokbotBazaLoaderTA2101APT32Moonstone Sleet
18×
T1059.005
Visual Basic
SandwormBitterTA413TA558Gorgon GroupTonto TeamWIRTE
7×
T1203
Exploitation for Client Execution
Operation AuroraAPT37APT3APT17Tropic TrooperTonto TeamInception
7×
T1059.007
JavaScript
SideWinderMagecart
2×
T1204.001
Malicious Link
PatchworkJade Sleet
2×
T1059
Command and Scripting Interpreter
NoName057(16)
1×
PERSISTPersistence6 techniques
T1078
Valid Accounts
Equation GroupAPT28APT29SandwormAPT41Volt TyphoonAPT35REvilLockBitContiScattered SpiderBlackCat / ALPHVAPT10Salt TyphoonCyber Av3ngersRedHackOperation AuroraLapsus$UNC3944SilverFishDarkSideHiveBlackMatterVice SocietyFIN6FIN5APT31APT39APT42Aquatic PandaFlax TyphoonStorm-0558Berserk BearOnyx SleetPioneer KittenEvil CorpBlack BastaAkiraPlayRhysidaRansomHubLightBasinShinyHuntersThe ComViLEAPT3APT17APT27Earth EstriesLiminal PandaGhostEmperorVelvet AntCobalt MirageBlueNoroffMedusaINC RansomQilinHunters International8BaseCactusBrain CipherHandalaSiegedSecKillSec
64×
T1547.001
Registry Run Keys
GamaredonBitterTransparent TribeAPT-C-36APT32BlackTechOnyx SleetAPT12APT19APT30NaikonTropic TrooperTonto TeamAoqin DragonWIRTEInceptionStealth Falcon
17×
T1505.003
Web Shell
APT40HafniumYellow GarudaMagecartAPT27Earth EstriesToddyCat
7×
T1053.005
Scheduled Task
APT29Bronze ButlerAPT31APT32
4×
T1136.001
Create Local Account
APT34MuddyWaterAPT19
3×
T1542.001
System Firmware
Equation GroupStuxnet Operators
2×
PRIV ESCPrivilege Escalation3 techniques
T1134
Access Token Manipulation
APT28APT29TurlaAPT1APT41Volt TyphoonLazarus GroupAPT38KimsukyAPT33APT34APT35FIN7ContiScattered SpiderBlackCat / ALPHVAPT10GamaredonCallisto GroupMuddyWaterUNC2452UNC3944FIN4FIN8TA505HiveBlackMatterFIN6CarbanakTrickBot / Ryuk
30×
T1068
Exploitation for Privilege Escalation
Equation GroupAPT28APT29SandwormAPT41Lazarus GroupFIN7REvilLockBitBlackCat / ALPHVAPT40HafniumUNC2452Cl0pDarkSideBlackMatterIcedID / Bokbot
17×
T1548.002
Bypass User Account Control
REvilLockBitContiLapsus$DarkSideTrickBot / Ryuk
6×
DEF EVASIONDefense Evasion11 techniques
T1027
Obfuscated Files or Information
APT40Mustang PandaSideWinderAPT31BlackTechEarth LuscaAPT3APT12APT17APT19APT27APT30NaikonKe3changTropic TrooperTonto TeamEarth EstriesGhostEmperorToddyCatAoqin DragonVelvet AntDarkHydrusWIRTEAPT43BlueNoroffEmber BearInceptionStealth FalconPROMETHIUMMoustachedBouncerINC RansomQilinHunters International8BaseBrain Cipher
35×
T1036
Masquerading
Volt TyphoonPatchworkUNC2452TortoiseshellMoonstone Sleet
5×
T1070
Indicator Removal
UNC2452Stuxnet OperatorsSilverFishCadet BlizzardRansomHub
5×
T1014
Rootkit
Equation GroupTurlaEarth EstriesGhostEmperor
4×
T1078.004
Cloud Accounts
Storm-0558The ComViLEVelvet Ant
4×
T1070.004
File Deletion
Bronze ButlerFIN5Flax Typhoon
3×
T1562.001
Disable or Modify Tools
LockBitCyber Av3ngers
2×
T1036.005
Match Legitimate Name or Location
SideWinderTA2101
2×
T1055
Process Injection
FIN8Flax Typhoon
2×
T1600
Weaken Encryption
Stuxnet Operators
1×
T1553.002
Code Signing
Moonstone Sleet
1×
CRED ACCESSCredential Access8 techniques
T1003.001
LSASS Memory
APT28ContiHafniumTrickBot / RyukAquatic PandaAPT27
6×
T1040
Network Sniffing
APT34Salt TyphoonBerserk BearLightBasin
4×
T1539
Steal Web Session Cookie
Scattered SpiderFIN4APT42Storm-0558
4×
T1621
Multi-Factor Authentication Request Generation
Scattered SpiderLapsus$UNC3944
3×
T1003
OS Credential Dumping
FIN8DarkSide
2×
T1110.004
Credential Stuffing
ShinyHuntersThe Com
2×
T1110
Brute Force
ViLELiminal Panda
2×
T1528
Steal Application Access Token
Storm-0558
1×
DISCOVERYDiscovery4 techniques
T1083
File and Directory Discovery
APT1APT40BitterAPT32APT39BlackTechEarth LuscaRhysidaAPT30ToddyCatDarkHydrusWIRTEPROMETHIUMMoustachedBouncer
14×
T1082
System Information Discovery
GamaredonAPT37Aquatic PandaOnyx Sleet
4×
T1087
Account Discovery
Volt Typhoon
1×
T1057
Process Discovery
LightBasin
1×
LAT MOVELateral Movement5 techniques
T1021.001
Remote Desktop Protocol
LockBitAPT10HiveCarbanakFIN5APT39BlackTechFlax TyphoonBerserk BearPioneer KittenEvil CorpBlack BastaAkiraRhysidaLightBasin
15×
T1021.002
SMB/Windows Admin Shares
ContiYellow GarudaBlackMatterTrickBot / RyukPlay
5×
T1550.001
Application Access Token
APT29UNC2452SilverFishStorm-0558
4×
T1534
Internal Spearphishing
Scattered Spider
1×
T1021.004
SSH
MuddyWater
1×
COLLECTIONCollection15 techniques
T1056.001
Keylogging
KimsukyAPT35FIN7Transparent TribeAPT-C-36FIN4TA558MoleratsBahamutEvilnumMacheteNaikonKe3chang
13×
T1113
Screen Capture
GamaredonPatchworkTA413MoleratsEvilnumMacheteCarbanakAPT37
8×
T1114.002
Remote Email Collection
KimsukyCallisto GroupFIN4UNC1151APT42Storm-0558ShinyHunters
7×
T1530
Data from Cloud Storage
AnonymousRedHackGuacamayaLapsus$UNC3944ShinyHunters
6×
T1213
Data from Information Repositories
RedHackGuacamayaLapsus$FIN4SilverFishViLE
6×
T1560
Archive Collected Data
TurlaYellow GarudaOperation AuroraAPT31APT39
5×
T1005
Data from Local System
APT1FIN6FIN5APT37Berserk Bear
5×
T1025
Data from Removable Media
TA413EvilnumAPT30Tropic TrooperAoqin Dragon
5×
T1125
Video Capture
BahamutMachete
2×
T1557
Adversary-in-the-Middle
MagecartMoustachedBouncer
2×
T1074
Data Staged
Berserk BearEvil Corp
2×
T1119
Automated Collection
Equation Group
1×
T1560.001
Archive via Utility
Hafnium
1×
T1114
Email Collection
Operation Aurora
1×
T1602
Data from Configuration Repository
NoName057(16)
1×
C2Command and Control11 techniques
T1071.001
Web Protocols
APT1APT38APT34FIN7Bronze ButlerMustang PandaSideWinderAPT-C-36TA558MoleratsBahamutEmotet / MealybugIcedID / BokbotAPT31Aquatic PandaEarth LuscaCyber Army of Russia RebornLightBasinAPT12APT17APT19APT27APT30Ke3changTropic TrooperTonto TeamEarth EstriesLiminal PandaGhostEmperorToddyCatAoqin DragonDarkHydrusWIRTEAPT43BlueNoroffInceptionStealth FalconPROMETHIUMMoustachedBouncer
39×
T1105
Ingress Tool Transfer
Lazarus GroupFIN7Mustang PandaMuddyWaterTA505TortoiseshellGorgon GroupIcedID / BokbotBazaLoaderAPT32APT39Aquatic PandaBlackTechEarth LuscaOnyx SleetJade SleetMoonstone SleetAPT12APT17
19×
T1090
Proxy
Flax TyphoonPioneer KittenKe3changLiminal PandaGhostEmperorVelvet AntMoustachedBouncer
7×
T1102
Web Service
KimsukyInception
2×
T1571
Non-Standard Port
Transparent TribeCobalt Mirage
2×
T1090.004
Domain Fronting
Turla
1×
T1071.003
Mail Protocols
Turla
1×
T1090.002
External Proxy
Volt Typhoon
1×
T1572
Protocol Tunneling
APT34
1×
T1568
Dynamic Resolution
UNC2452
1×
T1090.001
Internal Proxy
LightBasin
1×
EXFILExfiltration5 techniques
T1041
Exfiltration Over C2 Channel
APT10HafniumFIN6FIN5MagecartAPT31APT37APT39APT42Earth LuscaStorm-0558Onyx SleetJade SleetAkiraPlayRansomHubShinyHuntersAPT3NaikonLiminal PandaAoqin DragonDarkHydrusEmber BearStealth FalconPROMETHIUMMoustachedBouncerRoyal / BlackSuitHunters International
28×
T1567.002
Exfiltration to Cloud Storage
BlackCat / ALPHVAPT43BlueNoroffMedusaINC RansomQilinHunters International8BaseCactusBrain CipherHandalaSiegedSecKillSec
13×
T1567
Exfiltration Over Web Service
APT40Yellow GarudaCl0pDarkSideHiveBlackMatterVice Society
7×
T1048
Exfiltration Over Alternative Protocol
REvilGuacamaya
2×
T1020
Automated Exfiltration
Salt Typhoon
1×
IMPACTImpact17 techniques
T1486
Data Encrypted for Impact
APT41Lazarus GroupAPT33REvilLockBitContiBlackCat / ALPHVMoses StaffGhostSecFIN8TA505Cl0pDarkSideHiveBlackMatterVice SocietyFIN6TrickBot / RyukIcedID / BokbotTA2101Cadet BlizzardMoonstone SleetPioneer KittenEvil CorpBlack BastaAkiraPlayRhysidaRansomHubCobalt MirageRoyal / BlackSuitMedusaINC RansomQilinHunters International8BaseCactusBrain CipherHandalaKillSec
40×
T1490
Inhibit System Recovery
Evil CorpBlack BastaAkiraPlayRhysidaRansomHubRoyal / BlackSuitMedusaINC RansomQilinHunters International8BaseCactusBrain CipherKillSec
15×
T1485
Data Destruction
APT38Predatory SparrowMoses StaffCyber Av3ngersStuxnet OperatorsCl0pCadet BlizzardCyber Army of Russia RebornBlack BastaEmber BearHandala
11×
T1491.002
External Defacement
AnonymousKillNetPredatory SparrowCyber Av3ngersAnonymous SudanIT Army of UkraineGhostSecRedHackUserSecUNC1151
10×
T1657
Financial Theft
Cl0pCarbanakJade SleetRansomHubShinyHuntersThe ComViLEAPT43BlueNoroff
9×
T1489
Service Stop
SandwormPredatory SparrowCyber Av3ngersDarkSideVice SocietyCyber Army of Russia RebornRoyal / BlackSuitMedusa
8×
T1498
Network Denial of Service
Anonymous SudanIT Army of UkraineGhostSecUserSecNoName057(16)Cyber Army of Russia Reborn
6×
T1491
Defacement
Moses StaffHandalaSiegedSecKillSec
4×
T1499
Endpoint Denial of Service
SandwormAnonymous SudanSiegedSec
3×
T1531
Account Access Removal
APT38The ComViLE
3×
T1498.001
Direct Network Flood
AnonymousKillNetNoName057(16)
3×
T1561
Disk Wipe
Predatory SparrowEmber Bear
2×
T1565
Data Manipulation
Moses StaffUNC1151
2×
T1561.001
Disk Content Wipe
Sandworm
1×
T1565.001
Stored Data Manipulation
APT38
1×
T1499.002
Service Exhaustion Flood
KillNet
1×
T1561.002
Disk Wipe
Cadet Blizzard
1×
Data sourced from MITRE ATT&CK. For educational purposes.