← Home·Gallery·Three-Card Spread·Defenses·Sectors·Compare

Technique Explorer

97 unique MITRE ATT&CK techniques across 78 adversary profiles

Unique Techniques

418

Total TTP Uses

Tactics Covered

Adversary Profiles

Kill-Chain Coverage

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Most Prevalent Techniques

1T1134

Access Token ManipulationPrivilege Escalation

2T1566.001

Spearphishing AttachmentInitial Access

3T1078

Valid AccountsPersistence

4T1486

Data Encrypted for ImpactImpact

5T1068

Exploitation for Privilege EscalationPrivilege Escalation

RECONReconnaissance3 techniques

T1598.003

Spearphishing Link

APT35 Callisto Group

2×

T1591

Gather Victim Org Information

Callisto Group

1×

T1598.001

Spearphishing Service

UNC3944

1×

RESOURCEResource Development5 techniques

T1583.005

Botnet Infrastructure

Anonymous Sudan IT Army of Ukraine UserSec Emotet / Mealybug

4×

T1585.001

Social Media Accounts

Callisto Group Bahamut

2×

T1584.004

Compromise Infrastructure: Server

Turla

1×

T1583.004

Server Infrastructure Acquisition

Salt Typhoon

1×

T1585.002

Email Accounts

UNC1151

1×

INIT ACCESSInitial Access9 techniques

T1190

Exploit Public-Facing Application

APT41 REvil BlackCat / ALPHV Anonymous APT10 Hafnium Salt Typhoon Predatory Sparrow Moses Staff GhostSec Guacamaya Yellow Garuda Cl0p Magecart

14×

T1566.002

Spearphishing Link

APT28 APT29 APT35 Callisto Group Patchwork Operation Aurora FIN4 Tortoiseshell Bahamut UNC1151

10×

T1195.002

Compromise Software Supply Chain

APT29 APT41 UNC2452

3×

T1566.004

Spearphishing Voice

Scattered Spider Lapsus$UNC3944

3×

T1133

External Remote Services

1×

Hardware Additions

1×

Drive-by Compromise

1×

Spearphishing via Service

BazaLoader

1×

EXECExecution7 techniques

T1204.002

Malicious File

Lazarus Group APT33 Mustang Panda Gamaredon Bitter TA413 TA505 TA558 Molerats Evilnum Gorgon Group Machete Emotet / Mealybug IcedID / Bokbot BazaLoader TA2101

16×

T1059.001

PowerShell

APT28 Lazarus Group APT33 FIN7 Patchwork MuddyWater APT-C-36 FIN8 Tortoiseshell Vice Society Emotet / Mealybug

11×

T1059.003

Windows Command Shell

APT41 Conti APT10 Bronze Butler Transparent Tribe TA505 Hive FIN6 Carbanak TrickBot / Ryuk BazaLoader

11×

T1059.005

Visual Basic

Sandworm Bitter TA413 TA558 Gorgon Group

5×

JavaScript

2×

Malicious Link

1×

Exploitation for Client Execution

Operation Aurora

1×

PERSISTPersistence6 techniques

T1505.003

Web Shell

APT40 Hafnium Yellow Garuda Magecart

4×

T1547.001

Registry Run Keys

Gamaredon Bitter Transparent Tribe APT-C-36

4×

T1542.001

System Firmware

Equation Group Stuxnet Operators

2×

Scheduled Task

2×

Create Local Account

2×

PRIV ESCPrivilege Escalation3 techniques

T1134

30×

T1068

Exploitation for Privilege Escalation

Equation Group APT28 APT29 Sandworm APT41 Lazarus Group FIN7 REvil LockBit BlackCat / ALPHV APT40 Hafnium UNC2452 Cl0p DarkSide BlackMatter IcedID / Bokbot

17×

T1548.002

Bypass User Account Control

REvil LockBit Conti Lapsus$DarkSide TrickBot / Ryuk

6×

DEF EVASIONDefense Evasion9 techniques

T1036

Masquerading

Volt Typhoon Patchwork UNC2452 Tortoiseshell

4×

T1027

Obfuscated Files or Information

APT40 Mustang Panda SideWinder

3×

T1070

Indicator Removal

UNC2452 Stuxnet Operators SilverFish

3×

T1014

Rootkit

Equation Group Turla

2×

T1562.001

Disable or Modify Tools

LockBit Cyber Av3ngers

2×

T1070.004

File Deletion

Bronze Butler FIN5

2×

T1036.005

Match Legitimate Name or Location

2×

Weaken Encryption

1×

Process Injection

1×

CRED ACCESSCredential Access5 techniques

T1003.001

LSASS Memory

APT28 Conti Hafnium TrickBot / Ryuk

4×

T1621

Multi-Factor Authentication Request Generation

Scattered Spider Lapsus$UNC3944

3×

T1040

Network Sniffing

APT34 Salt Typhoon

2×

T1539

Steal Web Session Cookie

Scattered Spider FIN4

2×

T1003

OS Credential Dumping

FIN8 DarkSide

2×

DISCOVERYDiscovery3 techniques

T1083

File and Directory Discovery

3×

Account Discovery

1×

System Information Discovery

Gamaredon

1×

LAT MOVELateral Movement5 techniques

T1021.001

Remote Desktop Protocol

LockBit APT10 Hive Carbanak FIN5

5×

T1021.002

SMB/Windows Admin Shares

Conti Yellow Garuda BlackMatter TrickBot / Ryuk

4×

T1550.001

Application Access Token

APT29 UNC2452 SilverFish

3×

T1534

Internal Spearphishing

Scattered Spider

1×

T1021.004

SSH

MuddyWater

1×

COLLECTIONCollection13 techniques

T1056.001

Keylogging

Kimsuky APT35 FIN7 Transparent Tribe APT-C-36 FIN4 TA558 Molerats Bahamut Evilnum Machete

11×

T1113

Screen Capture

Gamaredon Patchwork TA413 Molerats Evilnum Machete Carbanak

7×

T1530

Data from Cloud Storage

Anonymous RedHack Guacamaya Lapsus$UNC3944

5×

T1213

Data from Information Repositories

RedHack Guacamaya Lapsus$FIN4 SilverFish

5×

T1114.002

Remote Email Collection

Kimsuky Callisto Group FIN4 UNC1151

4×

T1560

Archive Collected Data

Turla Yellow Garuda Operation Aurora

3×

T1005

Data from Local System

APT1 FIN6 FIN5

3×

T1025

Data from Removable Media

2×

Video Capture

2×

Automated Collection

1×

Archive via Utility

1×

Email Collection

1×

Adversary-in-the-Middle

Magecart

1×

C2Command and Control9 techniques

T1071.001

Web Protocols

APT1 APT38 APT34 FIN7 Bronze Butler Mustang Panda SideWinder APT-C-36 TA558 Molerats Bahamut Emotet / Mealybug IcedID / Bokbot

13×

T1105

Ingress Tool Transfer

Lazarus Group FIN7 Mustang Panda MuddyWater TA505 Tortoiseshell Gorgon Group IcedID / Bokbot BazaLoader

9×

Domain Fronting

1×

Mail Protocols

1×

External Proxy

1×

Web Service

1×

Protocol Tunneling

1×

Non-Standard Port

1×

Dynamic Resolution

1×

EXFILExfiltration5 techniques

T1567

Exfiltration Over Web Service

APT40 Yellow Garuda Cl0p DarkSide Hive BlackMatter Vice Society

7×

T1041

Exfiltration Over C2 Channel

APT10 Hafnium FIN6 FIN5 Magecart

5×

T1048

Exfiltration Over Alternative Protocol

REvil Guacamaya

2×

T1567.002

Exfiltration to Cloud Storage

BlackCat / ALPHV

1×

T1020

Automated Exfiltration

Salt Typhoon

1×

IMPACTImpact15 techniques

T1486

Data Encrypted for Impact

APT41 Lazarus Group APT33 REvil LockBit Conti BlackCat / ALPHV Moses Staff GhostSec FIN8 TA505 Cl0p DarkSide Hive BlackMatter Vice Society FIN6 TrickBot / Ryuk IcedID / Bokbot TA2101

20×

T1491.002

External Defacement

Anonymous KillNet Predatory Sparrow Cyber Av3ngers Anonymous Sudan IT Army of Ukraine GhostSec RedHack UserSec UNC1151

10×

T1485

Data Destruction

APT38 Predatory Sparrow Moses Staff Cyber Av3ngers Stuxnet Operators Cl0p

6×

T1489

Service Stop

Sandworm Predatory Sparrow Cyber Av3ngers DarkSide Vice Society

5×

T1498

Network Denial of Service

Anonymous Sudan IT Army of Ukraine GhostSec UserSec

4×

T1499

Endpoint Denial of Service

Sandworm Anonymous Sudan

2×

Direct Network Flood

2×

Data Manipulation

2×

Financial Theft

2×

Disk Content Wipe

1×

Account Access Removal

APT38

1×

T1565.001

Stored Data Manipulation

APT38

1×

T1499.002

Service Exhaustion Flood

1×

Disk Wipe

1×

Defacement

1×

Data sourced from MITRE ATT&CK. For educational purposes.