-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to manipulate the name of a task or service to make it appear legitimate or benign. Tasks/services executed by the Task Scheduler or systemd will…
· Source: The MITRE Corporation
-
Technique
Confidence 100
macos
linux
MITRE
Adversaries may execute their own malicious payloads by hijacking environment variables the dynamic linker uses to load shared libraries. During the execution preparation phase of a program, the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may use [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to cause a denial of service (DoS) by directly sending a high-volume of network traffic to a target. This DoS attack may also reduce the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Default accounts are those that…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use this information to…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may communicate using the Domain Name System (DNS) application layer protocol to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may chain together multiple proxies to disguise the source of malicious traffic. Typically, a defender will be able to identify the last proxy traffic traversed before it…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to cause a denial of service (DoS) by reflecting a high-volume of network traffic to a target. This type of Network DoS takes advantage of…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence…
· Source: The MITRE Corporation
-
Technique
Confidence 100
macos
linux
MITRE
Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the primary command prompt on Linux, macOS, and ESXi systems, though many variations of the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
linux
MITRE
Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may communicate using application layer protocols associated with transferring files to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may make use of Domain Generation Algorithms (DGAs) to dynamically identify a destination domain for command and control traffic rather than relying on a list of static…
· Source: The MITRE Corporation
-
Technique
Confidence 100
macos
linux
MITRE
Adversaries may abuse the `cron` utility to perform task scheduling for initial or recurring execution of malicious code.(Citation: 20 macOS Common Tools and Techniques) The `cron` utility is…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts. Without knowledge of the password for an…
· Source: The MITRE Corporation