-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may use [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. (Citation: TrendMicro Pawn Storm Dec 2020) Without knowledge…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug,…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use this information to…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems.…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within…
· Source: The MITRE Corporation