[{"technique": "Account Access Removal", "technique_id": "T1531", "url": "https://attack.mitre.org/techniques/T1531", "tactic": "impact"}, {"technique": "Web Session Cookie", "technique_id": "T1506", "url": "https://attack.mitre.org/techniques/T1506", "tactic": "defense-evasion"}, {"technique": "Steal Web Session Cookie", "technique_id": "T1539", "url": "https://attack.mitre.org/techniques/T1539", "tactic": "credential-access"}, {"technique": "System Shutdown/Reboot", "technique_id": "T1529", "url": "https://attack.mitre.org/techniques/T1529", "tactic": "impact"}, {"technique": "Emond", "technique_id": "T1519", "url": "https://attack.mitre.org/techniques/T1519", "tactic": "persistence"}, {"technique": "Software Discovery", "technique_id": "T1518", "url": "https://attack.mitre.org/techniques/T1518", "tactic": "discovery"}, {"technique": "Internal Spearphishing", "technique_id": "T1534", "url": "https://attack.mitre.org/techniques/T1534", "tactic": "lateral-movement"}, {"technique": "Steal Application Access Token", "technique_id": "T1528", "url": "https://attack.mitre.org/techniques/T1528", "tactic": "credential-access"}, {"technique": "Cloud Instance Metadata API", "technique_id": "T1522", "url": "https://attack.mitre.org/techniques/T1522", "tactic": "credential-access"}, {"technique": "Revert Cloud Instance", "technique_id": "T1536", "url": "https://attack.mitre.org/techniques/T1536", "tactic": "defense-evasion"}, {"technique": "Unused/Unsupported Cloud Regions", "technique_id": "T1535", "url": "https://attack.mitre.org/techniques/T1535", "tactic": "defense-evasion"}, {"technique": "Implant Container Image", "technique_id": "T1525", "url": "https://attack.mitre.org/techniques/T1525", "tactic": "persistence"}, {"technique": "Cloud Service Dashboard", "technique_id": "T1538", "url": "https://attack.mitre.org/techniques/T1538", "tactic": "discovery"}, {"technique": "Data from Cloud Storage Object", "technique_id": "T1530", "url": 
"https://attack.mitre.org/techniques/T1530", "tactic": "collection"}, {"technique": "Transfer Data to Cloud Account", "technique_id": "T1537", "url": "https://attack.mitre.org/techniques/T1537", "tactic": "exfiltration"}, {"technique": "Cloud Service Discovery", "technique_id": "T1526", "url": "https://attack.mitre.org/techniques/T1526", "tactic": "discovery"}, {"technique": "Application Access Token", "technique_id": "T1527", "url": "https://attack.mitre.org/techniques/T1527", "tactic": "defense-evasion"}, {"technique": "Elevated Execution with Prompt", "technique_id": "T1514", "url": "https://attack.mitre.org/techniques/T1514", "tactic": "privilege-escalation"}, {"technique": "Server Software Component", "technique_id": "T1505", "url": "https://attack.mitre.org/techniques/T1505", "tactic": "persistence"}, {"technique": "Credentials from Web Browsers", "technique_id": "T1503", "url": "https://attack.mitre.org/techniques/T1503", "tactic": "credential-access"}, {"technique": "PowerShell Profile", "technique_id": "T1504", "url": "https://attack.mitre.org/techniques/T1504", "tactic": "persistence"}, {"technique": "Parent PID Spoofing", "technique_id": "T1502", "url": "https://attack.mitre.org/techniques/T1502", "tactic": "defense-evasion"}, {"technique": "Compile After Delivery", "technique_id": "T1500", "url": "https://attack.mitre.org/techniques/T1500", "tactic": "defense-evasion"}, {"technique": "Systemd Service", "technique_id": "T1501", "url": "https://attack.mitre.org/techniques/T1501", "tactic": "persistence"}, {"technique": "Endpoint Denial of Service", "technique_id": "T1499", "url": "https://attack.mitre.org/techniques/T1499", "tactic": "impact"}, {"technique": "Virtualization/Sandbox Evasion", "technique_id": "T1497", "url": "https://attack.mitre.org/techniques/T1497", "tactic": "defense-evasion"}, {"technique": "Network Denial of Service", "technique_id": "T1498", "url": "https://attack.mitre.org/techniques/T1498", "tactic": "impact"}, {"technique": 
"Resource Hijacking", "technique_id": "T1496", "url": "https://attack.mitre.org/techniques/T1496", "tactic": "impact"}, {"technique": "Firmware Corruption", "technique_id": "T1495", "url": "https://attack.mitre.org/techniques/T1495", "tactic": "impact"}, {"technique": "Runtime Data Manipulation", "technique_id": "T1494", "url": "https://attack.mitre.org/techniques/T1494", "tactic": "impact"}, {"technique": "Transmitted Data Manipulation", "technique_id": "T1493", "url": "https://attack.mitre.org/techniques/T1493", "tactic": "impact"}, {"technique": "Stored Data Manipulation", "technique_id": "T1492", "url": "https://attack.mitre.org/techniques/T1492", "tactic": "impact"}, {"technique": "Defacement", "technique_id": "T1491", "url": "https://attack.mitre.org/techniques/T1491", "tactic": "impact"}, {"technique": "Inhibit System Recovery", "technique_id": "T1490", "url": "https://attack.mitre.org/techniques/T1490", "tactic": "impact"}, {"technique": "Service Stop", "technique_id": "T1489", "url": "https://attack.mitre.org/techniques/T1489", "tactic": "impact"}, {"technique": "Disk Content Wipe", "technique_id": "T1488", "url": "https://attack.mitre.org/techniques/T1488", "tactic": "impact"}, {"technique": "Disk Structure Wipe", "technique_id": "T1487", "url": "https://attack.mitre.org/techniques/T1487", "tactic": "impact"}, {"technique": "Data Encrypted for Impact", "technique_id": "T1486", "url": "https://attack.mitre.org/techniques/T1486", "tactic": "impact"}, {"technique": "Data Destruction", "technique_id": "T1485", "url": "https://attack.mitre.org/techniques/T1485", "tactic": "impact"}, {"technique": "Group Policy Modification", "technique_id": "T1484", "url": "https://attack.mitre.org/techniques/T1484", "tactic": "defense-evasion"}, {"technique": "Domain Generation Algorithms", "technique_id": "T1483", "url": "https://attack.mitre.org/techniques/T1483", "tactic": "command-and-control"}, {"technique": "Domain Trust Discovery", "technique_id": "T1482", "url": 
"https://attack.mitre.org/techniques/T1482", "tactic": "discovery"}, {"technique": "Execution Guardrails", "technique_id": "T1480", "url": "https://attack.mitre.org/techniques/T1480", "tactic": "defense-evasion"}, {"technique": "File and Directory Permissions Modification", "technique_id": "T1222", "url": "https://attack.mitre.org/techniques/T1222", "tactic": "defense-evasion"}, {"technique": "Compiled HTML File", "technique_id": "T1223", "url": "https://attack.mitre.org/techniques/T1223", "tactic": "defense-evasion"}, {"technique": "Template Injection", "technique_id": "T1221", "url": "https://attack.mitre.org/techniques/T1221", "tactic": "defense-evasion"}, {"technique": "XSL Script Processing", "technique_id": "T1220", "url": "https://attack.mitre.org/techniques/T1220", "tactic": "defense-evasion"}, {"technique": "Browser Bookmark Discovery", "technique_id": "T1217", "url": "https://attack.mitre.org/techniques/T1217", "tactic": "discovery"}, {"technique": "Data from Information Repositories", "technique_id": "T1213", "url": "https://attack.mitre.org/techniques/T1213", "tactic": "collection"}, {"technique": "Exploit Public-Facing Application", "technique_id": "T1190", "url": "https://attack.mitre.org/techniques/T1190", "tactic": "initial-access"}, {"technique": "Exploitation of Remote Services", "technique_id": "T1210", "url": "https://attack.mitre.org/techniques/T1210", "tactic": "lateral-movement"}, {"technique": "Hardware Additions", "technique_id": "T1200", "url": "https://attack.mitre.org/techniques/T1200", "tactic": "initial-access"}, {"technique": "Indirect Command Execution", "technique_id": "T1202", "url": "https://attack.mitre.org/techniques/T1202", "tactic": "defense-evasion"}, {"technique": "Spearphishing via Service", "technique_id": "T1194", "url": "https://attack.mitre.org/techniques/T1194", "tactic": "initial-access"}, {"technique": "Time Providers", "technique_id": "T1209", "url": "https://attack.mitre.org/techniques/T1209", "tactic": 
"persistence"}, {"technique": "Trusted Relationship", "technique_id": "T1199", "url": "https://attack.mitre.org/techniques/T1199", "tactic": "initial-access"}, {"technique": "CMSTP", "technique_id": "T1191", "url": "https://attack.mitre.org/techniques/T1191", "tactic": "defense-evasion"}, {"technique": "DCShadow", "technique_id": "T1207", "url": "https://attack.mitre.org/techniques/T1207", "tactic": "defense-evasion"}, {"technique": "Drive-by Compromise", "technique_id": "T1189", "url": "https://attack.mitre.org/techniques/T1189", "tactic": "initial-access"}, {"technique": "Exploitation for Defense Evasion", "technique_id": "T1211", "url": "https://attack.mitre.org/techniques/T1211", "tactic": "defense-evasion"}, {"technique": "Signed Binary Proxy Execution", "technique_id": "T1218", "url": "https://attack.mitre.org/techniques/T1218", "tactic": "defense-evasion"}, {"technique": "Spearphishing Attachment", "technique_id": "T1193", "url": "https://attack.mitre.org/techniques/T1193", "tactic": "initial-access"}, {"technique": "Supply Chain Compromise", "technique_id": "T1195", "url": "https://attack.mitre.org/techniques/T1195", "tactic": "initial-access"}, {"technique": "User Execution", "technique_id": "T1204", "url": "https://attack.mitre.org/techniques/T1204", "tactic": "execution"}, {"technique": "Control Panel Items", "technique_id": "T1196", "url": "https://attack.mitre.org/techniques/T1196", "tactic": "defense-evasion"}, {"technique": "Exploitation for Credential Access", "technique_id": "T1212", "url": "https://attack.mitre.org/techniques/T1212", "tactic": "credential-access"}, {"technique": "Kernel Modules and Extensions", "technique_id": "T1215", "url": "https://attack.mitre.org/techniques/T1215", "tactic": "persistence"}, {"technique": "BITS Jobs", "technique_id": "T1197", "url": "https://attack.mitre.org/techniques/T1197", "tactic": "defense-evasion"}, {"technique": "Credentials in Registry", "technique_id": "T1214", "url": 
"https://attack.mitre.org/techniques/T1214", "tactic": "credential-access"}, {"technique": "Signed Script Proxy Execution", "technique_id": "T1216", "url": "https://attack.mitre.org/techniques/T1216", "tactic": "defense-evasion"}, {"technique": "Spearphishing Link", "technique_id": "T1192", "url": "https://attack.mitre.org/techniques/T1192", "tactic": "initial-access"}, {"technique": "SIP and Trust Provider Hijacking", "technique_id": "T1198", "url": "https://attack.mitre.org/techniques/T1198", "tactic": "defense-evasion"}, {"technique": "Sudo Caching", "technique_id": "T1206", "url": "https://attack.mitre.org/techniques/T1206", "tactic": "privilege-escalation"}, {"technique": "Exploitation for Client Execution", "technique_id": "T1203", "url": "https://attack.mitre.org/techniques/T1203", "tactic": "execution"}, {"technique": "Kerberoasting", "technique_id": "T1208", "url": "https://attack.mitre.org/techniques/T1208", "tactic": "credential-access"}, {"technique": "Password Policy Discovery", "technique_id": "T1201", "url": "https://attack.mitre.org/techniques/T1201", "tactic": "discovery"}, {"technique": "Port Knocking", "technique_id": "T1205", "url": "https://attack.mitre.org/techniques/T1205", "tactic": "defense-evasion"}, {"technique": "Remote Access Tools", "technique_id": "T1219", "url": "https://attack.mitre.org/techniques/T1219", "tactic": "command-and-control"}, {"technique": "Domain Fronting", "technique_id": "T1172", "url": "https://attack.mitre.org/techniques/T1172", "tactic": "command-and-control"}, {"technique": "Dynamic Data Exchange", "technique_id": "T1173", "url": "https://attack.mitre.org/techniques/T1173", "tactic": "execution"}, {"technique": "Forced Authentication", "technique_id": "T1187", "url": "https://attack.mitre.org/techniques/T1187", "tactic": "credential-access"}, {"technique": "Multi-hop Proxy", "technique_id": "T1188", "url": "https://attack.mitre.org/techniques/T1188", "tactic": "command-and-control"}, {"technique": "Password 
Filter DLL", "technique_id": "T1174", "url": "https://attack.mitre.org/techniques/T1174", "tactic": "credential-access"}, {"technique": "Component Object Model and Distributed COM", "technique_id": "T1175", "url": "https://attack.mitre.org/techniques/T1175", "tactic": "lateral-movement"}, {"technique": "Mshta", "technique_id": "T1170", "url": "https://attack.mitre.org/techniques/T1170", "tactic": "defense-evasion"}, {"technique": "Hooking", "technique_id": "T1179", "url": "https://attack.mitre.org/techniques/T1179", "tactic": "persistence"}, {"technique": "SSH Hijacking", "technique_id": "T1184", "url": "https://attack.mitre.org/techniques/T1184", "tactic": "lateral-movement"}, {"technique": "Extra Window Memory Injection", "technique_id": "T1181", "url": "https://attack.mitre.org/techniques/T1181", "tactic": "defense-evasion"}, {"technique": "LSASS Driver", "technique_id": "T1177", "url": "https://attack.mitre.org/techniques/T1177", "tactic": "execution"}, {"technique": "AppCert DLLs", "technique_id": "T1182", "url": "https://attack.mitre.org/techniques/T1182", "tactic": "persistence"}, {"technique": "Browser Extensions", "technique_id": "T1176", "url": "https://attack.mitre.org/techniques/T1176", "tactic": "persistence"}, {"technique": "Man in the Browser", "technique_id": "T1185", "url": "https://attack.mitre.org/techniques/T1185", "tactic": "collection"}, {"technique": "Screensaver", "technique_id": "T1180", "url": "https://attack.mitre.org/techniques/T1180", "tactic": "persistence"}, {"technique": "Image File Execution Options Injection", "technique_id": "T1183", "url": "https://attack.mitre.org/techniques/T1183", "tactic": "privilege-escalation"}, {"technique": "LLMNR/NBT-NS Poisoning and Relay", "technique_id": "T1171", "url": "https://attack.mitre.org/techniques/T1171", "tactic": "credential-access"}, {"technique": "Process Doppelg\u00e4nging", "technique_id": "T1186", "url": "https://attack.mitre.org/techniques/T1186", "tactic": "defense-evasion"}, 
{"technique": "SID-History Injection", "technique_id": "T1178", "url": "https://attack.mitre.org/techniques/T1178", "tactic": "privilege-escalation"}, {"technique": "Application Shimming", "technique_id": "T1138", "url": "https://attack.mitre.org/techniques/T1138", "tactic": "persistence"}, {"technique": "Deobfuscate/Decode Files or Information", "technique_id": "T1140", "url": "https://attack.mitre.org/techniques/T1140", "tactic": "defense-evasion"}, {"technique": "LC_MAIN Hijacking", "technique_id": "T1149", "url": "https://attack.mitre.org/techniques/T1149", "tactic": "defense-evasion"}, {"technique": "Launchctl", "technique_id": "T1152", "url": "https://attack.mitre.org/techniques/T1152", "tactic": "defense-evasion"}, {"technique": "Plist Modification", "technique_id": "T1150", "url": "https://attack.mitre.org/techniques/T1150", "tactic": "defense-evasion"}, {"technique": "Rc.common", "technique_id": "T1163", "url": "https://attack.mitre.org/techniques/T1163", "tactic": "persistence"}, {"technique": "Setuid and Setgid", "technique_id": "T1166", "url": "https://attack.mitre.org/techniques/T1166", "tactic": "privilege-escalation"}, {"technique": "Dylib Hijacking", "technique_id": "T1157", "url": "https://attack.mitre.org/techniques/T1157", "tactic": "persistence"}, {"technique": "AppleScript", "technique_id": "T1155", "url": "https://attack.mitre.org/techniques/T1155", "tactic": "execution"}, {"technique": "Create Account", "technique_id": "T1136", "url": "https://attack.mitre.org/techniques/T1136", "tactic": "persistence"}, {"technique": "Hidden Window", "technique_id": "T1143", "url": "https://attack.mitre.org/techniques/T1143", "tactic": "defense-evasion"}, {"technique": "Input Prompt", "technique_id": "T1141", "url": "https://attack.mitre.org/techniques/T1141", "tactic": "credential-access"}, {"technique": "Keychain", "technique_id": "T1142", "url": "https://attack.mitre.org/techniques/T1142", "tactic": "credential-access"}, {"technique": "Launch Agent", 
"technique_id": "T1159", "url": "https://attack.mitre.org/techniques/T1159", "tactic": "persistence"}, {"technique": "Network Share Discovery", "technique_id": "T1135", "url": "https://attack.mitre.org/techniques/T1135", "tactic": "discovery"}, {"technique": "HISTCONTROL", "technique_id": "T1148", "url": "https://attack.mitre.org/techniques/T1148", "tactic": "defense-evasion"}, {"technique": "LC_LOAD_DYLIB Addition", "technique_id": "T1161", "url": "https://attack.mitre.org/techniques/T1161", "tactic": "persistence"}, {"technique": "Trap", "technique_id": "T1154", "url": "https://attack.mitre.org/techniques/T1154", "tactic": "execution"}, {"technique": "Access Token Manipulation", "technique_id": "T1134", "url": "https://attack.mitre.org/techniques/T1134", "tactic": "defense-evasion"}, {"technique": "Bash History", "technique_id": "T1139", "url": "https://attack.mitre.org/techniques/T1139", "tactic": "credential-access"}, {"technique": "Hidden Users", "technique_id": "T1147", "url": "https://attack.mitre.org/techniques/T1147", "tactic": "defense-evasion"}, {"technique": ".bash_profile and .bashrc", "technique_id": "T1156", "url": "https://attack.mitre.org/techniques/T1156", "tactic": "persistence"}, {"technique": "Clear Command History", "technique_id": "T1146", "url": "https://attack.mitre.org/techniques/T1146", "tactic": "defense-evasion"}, {"technique": "Launch Daemon", "technique_id": "T1160", "url": "https://attack.mitre.org/techniques/T1160", "tactic": "persistence"}, {"technique": "Private Keys", "technique_id": "T1145", "url": "https://attack.mitre.org/techniques/T1145", "tactic": "credential-access"}, {"technique": "Startup Items", "technique_id": "T1165", "url": "https://attack.mitre.org/techniques/T1165", "tactic": "persistence"}, {"technique": "Login Item", "technique_id": "T1162", "url": "https://attack.mitre.org/techniques/T1162", "tactic": "persistence"}, {"technique": "Office Application Startup", "technique_id": "T1137", "url": 
"https://attack.mitre.org/techniques/T1137", "tactic": "persistence"}, {"technique": "Space after Filename", "technique_id": "T1151", "url": "https://attack.mitre.org/techniques/T1151", "tactic": "defense-evasion"}, {"technique": "Gatekeeper Bypass", "technique_id": "T1144", "url": "https://attack.mitre.org/techniques/T1144", "tactic": "defense-evasion"}, {"technique": "Hidden Files and Directories", "technique_id": "T1158", "url": "https://attack.mitre.org/techniques/T1158", "tactic": "defense-evasion"}, {"technique": "Local Job Scheduling", "technique_id": "T1168", "url": "https://attack.mitre.org/techniques/T1168", "tactic": "persistence"}, {"technique": "Re-opened Applications", "technique_id": "T1164", "url": "https://attack.mitre.org/techniques/T1164", "tactic": "persistence"}, {"technique": "Securityd Memory", "technique_id": "T1167", "url": "https://attack.mitre.org/techniques/T1167", "tactic": "credential-access"}, {"technique": "Source", "technique_id": "T1153", "url": "https://attack.mitre.org/techniques/T1153", "tactic": "execution"}, {"technique": "Sudo", "technique_id": "T1169", "url": "https://attack.mitre.org/techniques/T1169", "tactic": "privilege-escalation"}, {"technique": "External Remote Services", "technique_id": "T1133", "url": "https://attack.mitre.org/techniques/T1133", "tactic": "persistence"}, {"technique": "Data Encoding", "technique_id": "T1132", "url": "https://attack.mitre.org/techniques/T1132", "tactic": "command-and-control"}, {"technique": "Authentication Package", "technique_id": "T1131", "url": "https://attack.mitre.org/techniques/T1131", "tactic": "persistence"}, {"technique": "Install Root Certificate", "technique_id": "T1130", "url": "https://attack.mitre.org/techniques/T1130", "tactic": "defense-evasion"}, {"technique": "Execution through Module Load", "technique_id": "T1129", "url": "https://attack.mitre.org/techniques/T1129", "tactic": "execution"}, {"technique": "Netsh Helper DLL", "technique_id": "T1128", "url": 
"https://attack.mitre.org/techniques/T1128", "tactic": "persistence"}, {"technique": "Trusted Developer Utilities", "technique_id": "T1127", "url": "https://attack.mitre.org/techniques/T1127", "tactic": "defense-evasion"}, {"technique": "Network Share Connection Removal", "technique_id": "T1126", "url": "https://attack.mitre.org/techniques/T1126", "tactic": "defense-evasion"}, {"technique": "Video Capture", "technique_id": "T1125", "url": "https://attack.mitre.org/techniques/T1125", "tactic": "collection"}, {"technique": "System Time Discovery", "technique_id": "T1124", "url": "https://attack.mitre.org/techniques/T1124", "tactic": "discovery"}, {"technique": "Audio Capture", "technique_id": "T1123", "url": "https://attack.mitre.org/techniques/T1123", "tactic": "collection"}, {"technique": "Component Object Model Hijacking", "technique_id": "T1122", "url": "https://attack.mitre.org/techniques/T1122", "tactic": "defense-evasion"}, {"technique": "Regsvcs/Regasm", "technique_id": "T1121", "url": "https://attack.mitre.org/techniques/T1121", "tactic": "defense-evasion"}, {"technique": "Peripheral Device Discovery", "technique_id": "T1120", "url": "https://attack.mitre.org/techniques/T1120", "tactic": "discovery"}, {"technique": "Automated Collection", "technique_id": "T1119", "url": "https://attack.mitre.org/techniques/T1119", "tactic": "collection"}, {"technique": "InstallUtil", "technique_id": "T1118", "url": "https://attack.mitre.org/techniques/T1118", "tactic": "defense-evasion"}, {"technique": "Regsvr32", "technique_id": "T1117", "url": "https://attack.mitre.org/techniques/T1117", "tactic": "defense-evasion"}, {"technique": "Code Signing", "technique_id": "T1116", "url": "https://attack.mitre.org/techniques/T1116", "tactic": "defense-evasion"}, {"technique": "Clipboard Data", "technique_id": "T1115", "url": "https://attack.mitre.org/techniques/T1115", "tactic": "collection"}, {"technique": "Email Collection", "technique_id": "T1114", "url": 
"https://attack.mitre.org/techniques/T1114", "tactic": "collection"}, {"technique": "Screen Capture", "technique_id": "T1113", "url": "https://attack.mitre.org/techniques/T1113", "tactic": "collection"}, {"technique": "Modify Registry", "technique_id": "T1112", "url": "https://attack.mitre.org/techniques/T1112", "tactic": "defense-evasion"}, {"technique": "Two-Factor Authentication Interception", "technique_id": "T1111", "url": "https://attack.mitre.org/techniques/T1111", "tactic": "credential-access"}, {"technique": "Brute Force", "technique_id": "T1110", "url": "https://attack.mitre.org/techniques/T1110", "tactic": "credential-access"}, {"technique": "Component Firmware", "technique_id": "T1109", "url": "https://attack.mitre.org/techniques/T1109", "tactic": "defense-evasion"}, {"technique": "Redundant Access", "technique_id": "T1108", "url": "https://attack.mitre.org/techniques/T1108", "tactic": "defense-evasion"}, {"technique": "File Deletion", "technique_id": "T1107", "url": "https://attack.mitre.org/techniques/T1107", "tactic": "defense-evasion"}, {"technique": "Execution through API", "technique_id": "T1106", "url": "https://attack.mitre.org/techniques/T1106", "tactic": "execution"}, {"technique": "Remote File Copy", "technique_id": "T1105", "url": "https://attack.mitre.org/techniques/T1105", "tactic": "command-and-control"}, {"technique": "Multi-Stage Channels", "technique_id": "T1104", "url": "https://attack.mitre.org/techniques/T1104", "tactic": "command-and-control"}, {"technique": "AppInit DLLs", "technique_id": "T1103", "url": "https://attack.mitre.org/techniques/T1103", "tactic": "persistence"}, {"technique": "Web Service", "technique_id": "T1102", "url": "https://attack.mitre.org/techniques/T1102", "tactic": "command-and-control"}, {"technique": "Security Support Provider", "technique_id": "T1101", "url": "https://attack.mitre.org/techniques/T1101", "tactic": "persistence"}, {"technique": "Web Shell", "technique_id": "T1100", "url": 
"https://attack.mitre.org/techniques/T1100", "tactic": "persistence"}, {"technique": "Timestomp", "technique_id": "T1099", "url": "https://attack.mitre.org/techniques/T1099", "tactic": "defense-evasion"}, {"technique": "Account Manipulation", "technique_id": "T1098", "url": "https://attack.mitre.org/techniques/T1098", "tactic": "credential-access"}, {"technique": "Pass the Ticket", "technique_id": "T1097", "url": "https://attack.mitre.org/techniques/T1097", "tactic": "lateral-movement"}, {"technique": "NTFS File Attributes", "technique_id": "T1096", "url": "https://attack.mitre.org/techniques/T1096", "tactic": "defense-evasion"}, {"technique": "Standard Non-Application Layer Protocol", "technique_id": "T1095", "url": "https://attack.mitre.org/techniques/T1095", "tactic": "command-and-control"}, {"technique": "Custom Command and Control Protocol", "technique_id": "T1094", "url": "https://attack.mitre.org/techniques/T1094", "tactic": "command-and-control"}, {"technique": "Process Hollowing", "technique_id": "T1093", "url": "https://attack.mitre.org/techniques/T1093", "tactic": "defense-evasion"}, {"technique": "Communication Through Removable Media", "technique_id": "T1092", "url": "https://attack.mitre.org/techniques/T1092", "tactic": "command-and-control"}, {"technique": "Replication Through Removable Media", "technique_id": "T1091", "url": "https://attack.mitre.org/techniques/T1091", "tactic": "lateral-movement"}, {"technique": "Connection Proxy", "technique_id": "T1090", "url": "https://attack.mitre.org/techniques/T1090", "tactic": "command-and-control"}, {"technique": "Disabling Security Tools", "technique_id": "T1089", "url": "https://attack.mitre.org/techniques/T1089", "tactic": "defense-evasion"}, {"technique": "Bypass User Account Control", "technique_id": "T1088", "url": "https://attack.mitre.org/techniques/T1088", "tactic": "defense-evasion"}, {"technique": "Account Discovery", "technique_id": "T1087", "url": "https://attack.mitre.org/techniques/T1087", 
"tactic": "discovery"}, {"technique": "PowerShell", "technique_id": "T1086", "url": "https://attack.mitre.org/techniques/T1086", "tactic": "execution"}, {"technique": "Rundll32", "technique_id": "T1085", "url": "https://attack.mitre.org/techniques/T1085", "tactic": "defense-evasion"}, {"technique": "Windows Management Instrumentation Event Subscription", "technique_id": "T1084", "url": "https://attack.mitre.org/techniques/T1084", "tactic": "persistence"}, {"technique": "File and Directory Discovery", "technique_id": "T1083", "url": "https://attack.mitre.org/techniques/T1083", "tactic": "discovery"}, {"technique": "System Information Discovery", "technique_id": "T1082", "url": "https://attack.mitre.org/techniques/T1082", "tactic": "discovery"}, {"technique": "Credentials in Files", "technique_id": "T1081", "url": "https://attack.mitre.org/techniques/T1081", "tactic": "credential-access"}, {"technique": "Taint Shared Content", "technique_id": "T1080", "url": "https://attack.mitre.org/techniques/T1080", "tactic": "lateral-movement"}, {"technique": "Multilayer Encryption", "technique_id": "T1079", "url": "https://attack.mitre.org/techniques/T1079", "tactic": "command-and-control"}, {"technique": "Valid Accounts", "technique_id": "T1078", "url": "https://attack.mitre.org/techniques/T1078", "tactic": "defense-evasion"}, {"technique": "Windows Admin Shares", "technique_id": "T1077", "url": "https://attack.mitre.org/techniques/T1077", "tactic": "lateral-movement"}, {"technique": "Remote Desktop Protocol", "technique_id": "T1076", "url": "https://attack.mitre.org/techniques/T1076", "tactic": "lateral-movement"}, {"technique": "Pass the Hash", "technique_id": "T1075", "url": "https://attack.mitre.org/techniques/T1075", "tactic": "lateral-movement"}, {"technique": "Data Staged", "technique_id": "T1074", "url": "https://attack.mitre.org/techniques/T1074", "tactic": "collection"}, {"technique": "DLL Side-Loading", "technique_id": "T1073", "url": 
"https://attack.mitre.org/techniques/T1073", "tactic": "defense-evasion"}, {"technique": "Third-party Software", "technique_id": "T1072", "url": "https://attack.mitre.org/techniques/T1072", "tactic": "execution"}, {"technique": "Standard Application Layer Protocol", "technique_id": "T1071", "url": "https://attack.mitre.org/techniques/T1071", "tactic": "command-and-control"}, {"technique": "Indicator Removal on Host", "technique_id": "T1070", "url": "https://attack.mitre.org/techniques/T1070", "tactic": "defense-evasion"}, {"technique": "Permission Groups Discovery", "technique_id": "T1069", "url": "https://attack.mitre.org/techniques/T1069", "tactic": "discovery"}, {"technique": "Exploitation for Privilege Escalation", "technique_id": "T1068", "url": "https://attack.mitre.org/techniques/T1068", "tactic": "privilege-escalation"}, {"technique": "Bootkit", "technique_id": "T1067", "url": "https://attack.mitre.org/techniques/T1067", "tactic": "persistence"}, {"technique": "Indicator Removal from Tools", "technique_id": "T1066", "url": "https://attack.mitre.org/techniques/T1066", "tactic": "defense-evasion"}, {"technique": "Uncommonly Used Port", "technique_id": "T1065", "url": "https://attack.mitre.org/techniques/T1065", "tactic": "command-and-control"}, {"technique": "Scripting", "technique_id": "T1064", "url": "https://attack.mitre.org/techniques/T1064", "tactic": "defense-evasion"}, {"technique": "Security Software Discovery", "technique_id": "T1063", "url": "https://attack.mitre.org/techniques/T1063", "tactic": "discovery"}, {"technique": "Hypervisor", "technique_id": "T1062", "url": "https://attack.mitre.org/techniques/T1062", "tactic": "persistence"}, {"technique": "Graphical User Interface", "technique_id": "T1061", "url": "https://attack.mitre.org/techniques/T1061", "tactic": "execution"}, {"technique": "Registry Run Keys / Startup Folder", "technique_id": "T1060", "url": "https://attack.mitre.org/techniques/T1060", "tactic": "persistence"}, {"technique": 
"Command-Line Interface", "technique_id": "T1059", "url": "https://attack.mitre.org/techniques/T1059", "tactic": "execution"}, {"technique": "Service Registry Permissions Weakness", "technique_id": "T1058", "url": "https://attack.mitre.org/techniques/T1058", "tactic": "persistence"}, {"technique": "Process Discovery", "technique_id": "T1057", "url": "https://attack.mitre.org/techniques/T1057", "tactic": "discovery"}, {"technique": "Input Capture", "technique_id": "T1056", "url": "https://attack.mitre.org/techniques/T1056", "tactic": "collection"}, {"technique": "Process Injection", "technique_id": "T1055", "url": "https://attack.mitre.org/techniques/T1055", "tactic": "defense-evasion"}, {"technique": "Indicator Blocking", "technique_id": "T1054", "url": "https://attack.mitre.org/techniques/T1054", "tactic": "defense-evasion"}, {"technique": "Scheduled Task", "technique_id": "T1053", "url": "https://attack.mitre.org/techniques/T1053", "tactic": "execution"}, {"technique": "Exfiltration Over Physical Medium", "technique_id": "T1052", "url": "https://attack.mitre.org/techniques/T1052", "tactic": "exfiltration"}, {"technique": "Shared Webroot", "technique_id": "T1051", "url": "https://attack.mitre.org/techniques/T1051", "tactic": "lateral-movement"}, {"technique": "New Service", "technique_id": "T1050", "url": "https://attack.mitre.org/techniques/T1050", "tactic": "persistence"}, {"technique": "System Network Connections Discovery", "technique_id": "T1049", "url": "https://attack.mitre.org/techniques/T1049", "tactic": "discovery"}, {"technique": "Exfiltration Over Alternative Protocol", "technique_id": "T1048", "url": "https://attack.mitre.org/techniques/T1048", "tactic": "exfiltration"}, {"technique": "Windows Management Instrumentation", "technique_id": "T1047", "url": "https://attack.mitre.org/techniques/T1047", "tactic": "execution"}, {"technique": "Network Service Scanning", "technique_id": "T1046", "url": "https://attack.mitre.org/techniques/T1046", "tactic": 
"discovery"}, {"technique": "Software Packing", "technique_id": "T1045", "url": "https://attack.mitre.org/techniques/T1045", "tactic": "defense-evasion"}, {"technique": "File System Permissions Weakness", "technique_id": "T1044", "url": "https://attack.mitre.org/techniques/T1044", "tactic": "persistence"}, {"technique": "Commonly Used Port", "technique_id": "T1043", "url": "https://attack.mitre.org/techniques/T1043", "tactic": "command-and-control"}, {"technique": "Change Default File Association", "technique_id": "T1042", "url": "https://attack.mitre.org/techniques/T1042", "tactic": "persistence"}, {"technique": "Exfiltration Over Command and Control Channel", "technique_id": "T1041", "url": "https://attack.mitre.org/techniques/T1041", "tactic": "exfiltration"}, {"technique": "Network Sniffing", "technique_id": "T1040", "url": "https://attack.mitre.org/techniques/T1040", "tactic": "credential-access"}, {"technique": "Data from Network Shared Drive", "technique_id": "T1039", "url": "https://attack.mitre.org/techniques/T1039", "tactic": "collection"}, {"technique": "DLL Search Order Hijacking", "technique_id": "T1038", "url": "https://attack.mitre.org/techniques/T1038", "tactic": "persistence"}, {"technique": "Logon Scripts", "technique_id": "T1037", "url": "https://attack.mitre.org/techniques/T1037", "tactic": "lateral-movement"}, {"technique": "Masquerading", "technique_id": "T1036", "url": "https://attack.mitre.org/techniques/T1036", "tactic": "defense-evasion"}, {"technique": "Service Execution", "technique_id": "T1035", "url": "https://attack.mitre.org/techniques/T1035", "tactic": "execution"}, {"technique": "Path Interception", "technique_id": "T1034", "url": "https://attack.mitre.org/techniques/T1034", "tactic": "persistence"}, {"technique": "System Owner/User Discovery", "technique_id": "T1033", "url": "https://attack.mitre.org/techniques/T1033", "tactic": "discovery"}, {"technique": "Standard Cryptographic Protocol", "technique_id": "T1032", "url": 
"https://attack.mitre.org/techniques/T1032", "tactic": "command-and-control"}, {"technique": "Modify Existing Service", "technique_id": "T1031", "url": "https://attack.mitre.org/techniques/T1031", "tactic": "persistence"}, {"technique": "Data Transfer Size Limits", "technique_id": "T1030", "url": "https://attack.mitre.org/techniques/T1030", "tactic": "exfiltration"}, {"technique": "Scheduled Transfer", "technique_id": "T1029", "url": "https://attack.mitre.org/techniques/T1029", "tactic": "exfiltration"}, {"technique": "Windows Remote Management", "technique_id": "T1028", "url": "https://attack.mitre.org/techniques/T1028", "tactic": "execution"}, {"technique": "Obfuscated Files or Information", "technique_id": "T1027", "url": "https://attack.mitre.org/techniques/T1027", "tactic": "defense-evasion"}, {"technique": "Multiband Communication", "technique_id": "T1026", "url": "https://attack.mitre.org/techniques/T1026", "tactic": "command-and-control"}, {"technique": "Data from Removable Media", "technique_id": "T1025", "url": "https://attack.mitre.org/techniques/T1025", "tactic": "collection"}, {"technique": "Custom Cryptographic Protocol", "technique_id": "T1024", "url": "https://attack.mitre.org/techniques/T1024", "tactic": "command-and-control"}, {"technique": "Shortcut Modification", "technique_id": "T1023", "url": "https://attack.mitre.org/techniques/T1023", "tactic": "persistence"}, {"technique": "Data Encrypted", "technique_id": "T1022", "url": "https://attack.mitre.org/techniques/T1022", "tactic": "exfiltration"}, {"technique": "Remote Services", "technique_id": "T1021", "url": "https://attack.mitre.org/techniques/T1021", "tactic": "lateral-movement"}, {"technique": "Automated Exfiltration", "technique_id": "T1020", "url": "https://attack.mitre.org/techniques/T1020", "tactic": "exfiltration"}, {"technique": "System Firmware", "technique_id": "T1019", "url": "https://attack.mitre.org/techniques/T1019", "tactic": "persistence"}, {"technique": "Remote System 
Discovery", "technique_id": "T1018", "url": "https://attack.mitre.org/techniques/T1018", "tactic": "discovery"}, {"technique": "Application Deployment Software", "technique_id": "T1017", "url": "https://attack.mitre.org/techniques/T1017", "tactic": "lateral-movement"}, {"technique": "System Network Configuration Discovery", "technique_id": "T1016", "url": "https://attack.mitre.org/techniques/T1016", "tactic": "discovery"}, {"technique": "Accessibility Features", "technique_id": "T1015", "url": "https://attack.mitre.org/techniques/T1015", "tactic": "persistence"}, {"technique": "Rootkit", "technique_id": "T1014", "url": "https://attack.mitre.org/techniques/T1014", "tactic": "defense-evasion"}, {"technique": "Port Monitors", "technique_id": "T1013", "url": "https://attack.mitre.org/techniques/T1013", "tactic": "persistence"}, {"technique": "Query Registry", "technique_id": "T1012", "url": "https://attack.mitre.org/techniques/T1012", "tactic": "discovery"}, {"technique": "Exfiltration Over Other Network Medium", "technique_id": "T1011", "url": "https://attack.mitre.org/techniques/T1011", "tactic": "exfiltration"}, {"technique": "Application Window Discovery", "technique_id": "T1010", "url": "https://attack.mitre.org/techniques/T1010", "tactic": "discovery"}, {"technique": "Binary Padding", "technique_id": "T1009", "url": "https://attack.mitre.org/techniques/T1009", "tactic": "defense-evasion"}, {"technique": "Fallback Channels", "technique_id": "T1008", "url": "https://attack.mitre.org/techniques/T1008", "tactic": "command-and-control"}, {"technique": "System Service Discovery", "technique_id": "T1007", "url": "https://attack.mitre.org/techniques/T1007", "tactic": "discovery"}, {"technique": "File System Logical Offsets", "technique_id": "T1006", "url": "https://attack.mitre.org/techniques/T1006", "tactic": "defense-evasion"}, {"technique": "Data from Local System", "technique_id": "T1005", "url": "https://attack.mitre.org/techniques/T1005", "tactic": "collection"}, 
{"technique": "Winlogon Helper DLL", "technique_id": "T1004", "url": "https://attack.mitre.org/techniques/T1004", "tactic": "persistence"}, {"technique": "Credential Dumping", "technique_id": "T1003", "url": "https://attack.mitre.org/techniques/T1003", "tactic": "credential-access"}, {"technique": "Data Compressed", "technique_id": "T1002", "url": "https://attack.mitre.org/techniques/T1002", "tactic": "exfiltration"}, {"technique": "Data Obfuscation", "technique_id": "T1001", "url": "https://attack.mitre.org/techniques/T1001", "tactic": "command-and-control"}]