Technique Explorer

117 unique MITRE ATT&CK techniques across 106 adversary profiles

117

Unique Techniques

612

Total TTP Uses

Tactics Covered

106

Adversary Profiles

Kill-Chain Coverage

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Most Prevalent Techniques

1T1078

Valid AccountsPersistence

2T1566.001

Spearphishing AttachmentInitial Access

3T1134

Access Token ManipulationPrivilege Escalation

4T1486

Data Encrypted for ImpactImpact

5T1190

Exploit Public-Facing ApplicationInitial Access

Coverage Heatmap

Each cell is one technique. Brightness = how many adversary groups use it. Click to open MITRE ATT&CK.

Reconnaissance

T1598 T1598.003 T1591 T1598.001

Resource Development

T1583.005 T1585.001 T1583 T1584.004 T1583.004 T1585.002 T1584

Initial Access

T1566.001 T1190 T1566.002 T1133 T1566.004 T1195.002 T1566.003 T1200 T1189 T1566 T1195.003 T1195 T1195.001

Execution

T1059.001 T1059.003 T1204.002 T1059.005 T1059.007 T1204.001 T1203 T1059

Persistence

T1078 T1547.001 T1053.005 T1505.003 T1542.001 T1136.001

Privilege Escalation

T1134 T1068 T1548.002

Defense Evasion

T1027 T1036 T1070 T1070.004 T1078.004 T1014 T1562.001 T1036.005 T1055 T1600 T1553.002

Credential Access

T1003.001 T1040 T1539 T1621 T1003 T1110.004 T1528 T1110

Discovery

T1083 T1082 T1087 T1057

Lateral Movement

T1021.001 T1021.002 T1550.001 T1534 T1021.004

Collection

T1056.001 T1113 T1114.002 T1530 T1213 T1560 T1005 T1025 T1125 T1074 T1119 T1560.001 T1114 T1557 T1602

Command and Control

T1071.001 T1105 T1090 T1090.004 T1071.003 T1090.002 T1102 T1572 T1571 T1568 T1090.001

Exfiltration

T1041 T1567 T1048 T1567.002 T1020

Impact

T1486 T1491.002 T1485 T1657 T1489 T1498 T1490 T1531 T1498.001 T1499 T1565 T1561.001 T1565.001 T1499.002 T1561 T1491 T1561.002

RECONReconnaissance4 techniques

T1598

Phishing for Information

3×

Spearphishing Link

2×

Gather Victim Org Information

Callisto Group

1×

T1598.001

Spearphishing Service

UNC3944

1×

RESOURCEResource Development7 techniques

T1583.005

Botnet Infrastructure

Anonymous Sudan IT Army of Ukraine UserSec Emotet / Mealybug

4×

T1585.001

Social Media Accounts

Callisto Group Bahamut

2×

T1583

Acquire Infrastructure

NoName057(16)Cyber Army of Russia Reborn

2×

T1584.004

Compromise Infrastructure: Server

Turla

1×

T1583.004

Server Infrastructure Acquisition

1×

Email Accounts

1×

Compromise Infrastructure

NoName057(16)

1×

INIT ACCESSInitial Access13 techniques

T1566.002

Spearphishing Link

APT28 APT29 APT35 Callisto Group Patchwork Operation Aurora FIN4 Tortoiseshell Bahamut UNC1151

10×

T1133

External Remote Services

Volt Typhoon Flax Typhoon Berserk Bear Pioneer Kitten Akira

5×

T1566.004

Spearphishing Voice

Scattered Spider Lapsus$UNC3944 APT42 The Com

5×

T1195.002

Compromise Software Supply Chain

APT29 APT41 UNC2452

3×

T1566.003

Spearphishing via Service

BazaLoader Jade Sleet

2×

Hardware Additions

1×

Drive-by Compromise

1×

Phishing

1×

Compromise Hardware Supply Chain

BlackTech

1×

T1195

Supply Chain Compromise

Cadet Blizzard

1×

T1195.001

Compromise Software Dependencies and Development Tools

Jade Sleet

1×

EXECExecution8 techniques

T1059.001

PowerShell

APT28 Lazarus Group APT33 FIN7 Patchwork MuddyWater APT-C-36 FIN8 Tortoiseshell Vice Society Emotet / Mealybug Aquatic Panda Earth Lusca Jade Sleet Moonstone Sleet Pioneer Kitten Play Rhysida

18×

T1059.003

Windows Command Shell

APT41 Conti APT10 Bronze Butler Transparent Tribe TA505 Hive FIN6 Carbanak TrickBot / Ryuk BazaLoader APT32 APT37 BlackTech Cadet Blizzard Onyx Sleet Evil Corp Black Basta

18×

T1204.002

Malicious File

Lazarus Group APT33 Mustang Panda Gamaredon Bitter TA413 TA505 TA558 Molerats Evilnum Gorgon Group Machete Emotet / Mealybug IcedID / Bokbot BazaLoader TA2101 APT32 Moonstone Sleet

18×

T1059.005

Visual Basic

Sandworm Bitter TA413 TA558 Gorgon Group

5×

JavaScript

2×

Malicious Link

2×

Exploitation for Client Execution

Operation Aurora APT37

2×

T1059

Command and Scripting Interpreter

NoName057(16)

1×

PERSISTPersistence6 techniques

T1547.001

Registry Run Keys

Gamaredon Bitter Transparent Tribe APT-C-36 APT32 BlackTech Onyx Sleet

7×

T1053.005

Scheduled Task

APT29 Bronze Butler APT31 APT32

4×

T1505.003

Web Shell

APT40 Hafnium Yellow Garuda Magecart

4×

T1542.001

System Firmware

Equation Group Stuxnet Operators

2×

T1136.001

Create Local Account

APT34 MuddyWater

2×

PRIV ESCPrivilege Escalation3 techniques

T1134

30×

T1068

Exploitation for Privilege Escalation

Equation Group APT28 APT29 Sandworm APT41 Lazarus Group FIN7 REvil LockBit BlackCat / ALPHV APT40 Hafnium UNC2452 Cl0p DarkSide BlackMatter IcedID / Bokbot

17×

T1548.002

Bypass User Account Control

REvil LockBit Conti Lapsus$DarkSide TrickBot / Ryuk

6×

DEF EVASIONDefense Evasion11 techniques

T1027

Obfuscated Files or Information

APT40 Mustang Panda SideWinder APT31 BlackTech Earth Lusca

6×

T1036

Masquerading

Volt Typhoon Patchwork UNC2452 Tortoiseshell Moonstone Sleet

5×

T1070

Indicator Removal

UNC2452 Stuxnet Operators SilverFish Cadet Blizzard RansomHub

5×

T1070.004

File Deletion

Bronze Butler FIN5 Flax Typhoon

3×

T1078.004

Cloud Accounts

Storm-0558 The Com ViLE

3×

T1014

Rootkit

Equation Group Turla

2×

T1562.001

Disable or Modify Tools

LockBit Cyber Av3ngers

2×

T1036.005

Match Legitimate Name or Location

2×

Process Injection

2×

Weaken Encryption

1×

Code Signing

1×

CRED ACCESSCredential Access8 techniques

T1003.001

LSASS Memory

APT28 Conti Hafnium TrickBot / Ryuk Aquatic Panda

5×

T1040

Network Sniffing

APT34 Salt Typhoon Berserk Bear LightBasin

4×

T1539

Steal Web Session Cookie

Scattered Spider FIN4 APT42 Storm-0558

4×

T1621

Multi-Factor Authentication Request Generation

Scattered Spider Lapsus$UNC3944

3×

T1003

OS Credential Dumping

2×

Credential Stuffing

2×

Steal Application Access Token

Storm-0558

1×

T1110

Brute Force

ViLE

1×

DISCOVERYDiscovery4 techniques

T1083

File and Directory Discovery

APT1 APT40 Bitter APT32 APT39 BlackTech Earth Lusca Rhysida

8×

T1082

System Information Discovery

Gamaredon APT37 Aquatic Panda Onyx Sleet

4×

Account Discovery

1×

Process Discovery

1×

LAT MOVELateral Movement5 techniques

T1021.001

Remote Desktop Protocol

LockBit APT10 Hive Carbanak FIN5 APT39 BlackTech Flax Typhoon Berserk Bear Pioneer Kitten Evil Corp Black Basta Akira Rhysida LightBasin

15×

T1021.002

SMB/Windows Admin Shares

Conti Yellow Garuda BlackMatter TrickBot / Ryuk Play

5×

T1550.001

Application Access Token

APT29 UNC2452 SilverFish Storm-0558

4×

T1534

Internal Spearphishing

Scattered Spider

1×

T1021.004

SSH

MuddyWater

1×

COLLECTIONCollection15 techniques

T1056.001

Keylogging

Kimsuky APT35 FIN7 Transparent Tribe APT-C-36 FIN4 TA558 Molerats Bahamut Evilnum Machete

11×

T1113

Screen Capture

Gamaredon Patchwork TA413 Molerats Evilnum Machete Carbanak APT37

8×

T1114.002

Remote Email Collection

Kimsuky Callisto Group FIN4 UNC1151 APT42 Storm-0558 ShinyHunters

7×

T1530

Data from Cloud Storage

Anonymous RedHack Guacamaya Lapsus$UNC3944 ShinyHunters

6×

T1213

Data from Information Repositories

RedHack Guacamaya Lapsus$FIN4 SilverFish ViLE

6×

T1560

Archive Collected Data

Turla Yellow Garuda Operation Aurora APT31 APT39

5×

T1005

Data from Local System

APT1 FIN6 FIN5 APT37 Berserk Bear

5×

T1025

Data from Removable Media

2×

Video Capture

2×

Data Staged

Berserk Bear Evil Corp

2×

Automated Collection

1×

Archive via Utility

1×

Email Collection

1×

Adversary-in-the-Middle

Magecart

1×

T1602

Data from Configuration Repository

NoName057(16)

1×

C2Command and Control11 techniques

T1071.001

Web Protocols

APT1 APT38 APT34 FIN7 Bronze Butler Mustang Panda SideWinder APT-C-36 TA558 Molerats Bahamut Emotet / Mealybug IcedID / Bokbot APT31 Aquatic Panda Earth Lusca Cyber Army of Russia Reborn LightBasin

18×

T1105

Ingress Tool Transfer

Lazarus Group FIN7 Mustang Panda MuddyWater TA505 Tortoiseshell Gorgon Group IcedID / Bokbot BazaLoader APT32 APT39 Aquatic Panda BlackTech Earth Lusca Onyx Sleet Jade Sleet Moonstone Sleet

17×

T1090

Proxy

Flax Typhoon Pioneer Kitten

2×

Domain Fronting

1×

Mail Protocols

1×

External Proxy

1×

Web Service

1×

Protocol Tunneling

1×

Non-Standard Port

1×

Dynamic Resolution

1×

Internal Proxy

1×

EXFILExfiltration5 techniques

T1041

Exfiltration Over C2 Channel

APT10 Hafnium FIN6 FIN5 Magecart APT31 APT37 APT39 APT42 Earth Lusca Storm-0558 Onyx Sleet Jade Sleet Akira Play RansomHub ShinyHunters

17×

T1567

Exfiltration Over Web Service

APT40 Yellow Garuda Cl0p DarkSide Hive BlackMatter Vice Society

7×

T1048

Exfiltration Over Alternative Protocol

REvil Guacamaya

2×

T1567.002

Exfiltration to Cloud Storage

BlackCat / ALPHV

1×

T1020

Automated Exfiltration

Salt Typhoon

1×

IMPACTImpact17 techniques

T1491.002

External Defacement

Anonymous KillNet Predatory Sparrow Cyber Av3ngers Anonymous Sudan IT Army of Ukraine GhostSec RedHack UserSec UNC1151

10×

T1485

Data Destruction

APT38 Predatory Sparrow Moses Staff Cyber Av3ngers Stuxnet Operators Cl0p Cadet Blizzard Cyber Army of Russia Reborn Black Basta

9×

T1657

Financial Theft

Cl0p Carbanak Jade Sleet RansomHub ShinyHunters The Com ViLE

7×

T1489

Service Stop

Sandworm Predatory Sparrow Cyber Av3ngers DarkSide Vice Society Cyber Army of Russia Reborn

6×

T1498

Network Denial of Service

Anonymous Sudan IT Army of Ukraine GhostSec UserSec NoName057(16)Cyber Army of Russia Reborn

6×

T1490

Inhibit System Recovery

Evil Corp Black Basta Akira Play Rhysida RansomHub

6×

T1531

Account Access Removal

APT38 The Com ViLE

3×

T1498.001

Direct Network Flood

Anonymous KillNet NoName057(16)

3×

T1499

Endpoint Denial of Service

Sandworm Anonymous Sudan

2×

Data Manipulation

2×

Disk Content Wipe

1×

Stored Data Manipulation

APT38

1×

T1499.002

Service Exhaustion Flood

1×

Disk Wipe

1×

Defacement

1×

Disk Wipe

1×

Data sourced from MITRE ATT&CK. For educational purposes.