-
Technique
Confidence 100
MITRE
· Source: AlienVault
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug,…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may abuse various implementations of JavaScript for execution. JavaScript (JS) is a platform-independent scripting language (compiled just-in-time at runtime) commonly associated with scripts in webpages, though JS…
· Source: The MITRE Corporation
-
Technique
Confidence 100
macos
linux
MITRE
Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the primary command prompt on Linux, macOS, and ESXi systems, though many variations of the…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may use [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
MITRE
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer's alerts and notifications. There are three…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use this information to…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to manipulate the name of a task or service to make it appear legitimate or benign. Tasks/services executed by the Task Scheduler or systemd will…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures.(Citation:…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often…
· Source: The MITRE Corporation
-
Technique
Confidence 100
macos
linux
MITRE
Adversaries may abuse the `cron` utility to perform task scheduling for initial or recurring execution of malicious code.(Citation: 20 macOS Common Tools and Techniques) The `cron` utility is…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data…
· Source: The MITRE Corporation
-
Technique
Confidence 100
IaaS
Office Suite
MITRE
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly accessible…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in…
· Source: The MITRE Corporation
-
Technique
Confidence 100
windows
macos
MITRE
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials,…
· Source: The MITRE Corporation