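# Technique administration file (sample data).
#
# Layout restored from a collapsed, space-joined source: in that form the first
# `#` turned the rest of its physical line into a comment and no nesting
# survived, so the document could not be loaded as intended. Keys, values and
# their order are unchanged.
#
# Each entry under `techniques` is keyed by a technique ID (the T#### /
# T####.### numbering used by MITRE ATT&CK) and holds two assessments, each a
# list of items scoped by `applicable_to`:
#   detection  - where detection is implemented (`location`) and its score
#   visibility - score for how well the technique can be observed
#                (NOTE(review): presumably derived from data-source coverage,
#                as the 'New data source' comments suggest - confirm)
#
# Every `score_logbook` is a dated history; in this file the newest entry is
# listed first. NOTE(review): presumably the most recent entry is the current
# score - confirm against the consuming tool.
# Every detection item with `date: null` and `score: -1` also has an empty
# `location`, i.e. nothing is recorded for it.
# `auto_generated` occurs only on visibility scores. NOTE(review): presumably
# it marks scores produced by the tool rather than entered by hand - confirm.
#
# `version` and the `date` values are unquoted, as in the source, so YAML
# loaders read them as a float and as timestamps. NOTE(review): confirm the
# consumer expects those types before quoting them.
#
# A populated copy of this file documents which techniques have weak or no
# detection; store and share it with the access restrictions that implies.
version: 1.2
file_type: technique-administration
name: example
platform:
  - Windows
  - Azure
  - Azure AD
  - Office 365
# - Note that detection and visibility are independent of each other:
#   detection can be left blank while only visibility is filled in.
# - Also note that the data below serves purely as an example and is therefore
#   not accurate in all areas.
#
# - If desired, you are free to add any key-value pairs. This will not impact
#   the functionality of the tool.
techniques:
  - technique_id: T1222
    technique_name: File and Directory Permissions Modification
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1218.001
    technique_name: Compiled HTML File
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1221
    technique_name: Template Injection
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: false
  - technique_id: T1220
    technique_name: XSL Script Processing
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1217
    technique_name: Browser Bookmark Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1218.002
    technique_name: Control Panel
    detection:
      - applicable_to:
          - client endpoints
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1552.002
    technique_name: Credentials in Registry
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1189
    technique_name: Drive-by Compromise
    detection:
      - applicable_to:
          - all
        location:
          - SIEM UC 123
          - Tool Model Y
        comment: ''
        score_logbook:
          - date: 2019-08-05T00:00:00.000Z
            score: 3
            comment: This detection was improved due to the availability of the new log source Process use of network
          - date: 2018-11-01T00:00:00.000Z
            score: 1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1203
    technique_name: Exploitation for Client Execution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1210
    technique_name: Exploitation of Remote Services
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1211
    technique_name: Exploitation for Defense Evasion
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1202
    technique_name: Indirect Command Execution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1212
    technique_name: Exploitation for Credential Access
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1201
    technique_name: Password Policy Discovery
    detection:
      - applicable_to:
          - domain controllers
        location:
          - Third party product A
        comment: ''
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1218.003
    technique_name: CMSTP
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1219
    technique_name: Remote Access Software
    detection:
      - applicable_to:
          - all
        location:
          - Third party product A
        comment: ''
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 3
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1553.003
    technique_name: SIP and Trust Provider Hijacking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1218
    technique_name: Signed Binary Proxy Execution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1566.001
    technique_name: Spearphishing Attachment
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1216
    technique_name: Signed Script Proxy Execution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1566.002
    technique_name: Spearphishing Link
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1547.003
    technique_name: Time Providers
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1195.001
    technique_name: Compromise Software Dependencies and Development Tools
    detection:
      - applicable_to:
          - all
        location:
          - Third party product A
        comment: ''
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 2
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1566.003
    technique_name: Spearphishing via Service
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 4
            comment: ''
            auto_generated: true
  - technique_id: T1204
    technique_name: User Execution
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 0
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1546.009
    technique_name: AppCert DLLs
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1176
    technique_name: Browser Extensions
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1021.003
    technique_name: Distributed Component Object Model
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1185
    technique_name: Man in the Browser
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1556.002
    technique_name: Password Filter DLL
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1218.005
    technique_name: Mshta
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1557.001
    technique_name: LLMNR/NBT-NS Poisoning and SMB Relay
    detection:
      - applicable_to:
          - client endpoints
        location:
          - Third party product A
        # NOTE(review): the line breaks inside this block scalar were lost in
        # the collapsed source; restore them from the original file.
        comment: |
          This comment will be multiline in Excel
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 2
            comment: ''
      - applicable_to:
          - servers
        location:
          - Model I
        comment: ''
        score_logbook:
          - date: 2019-05-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - client endpoints
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: false
      - applicable_to:
          - servers
        # NOTE(review): the line breaks inside this block scalar were lost in
        # the collapsed source; restore them from the original file.
        comment: |
          This comment will be multiline in Excel
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 3
            comment: ''
            auto_generated: false
  - technique_id: T1559.002
    technique_name: Dynamic Data Exchange
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1056.004
    technique_name: Credential API Hooking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1055.013
    technique_name: Process Doppelgänging
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1090.004
    technique_name: Domain Fronting
    detection:
      - applicable_to:
          - all
        location:
          - Model A
        comment: ''
        score_logbook:
          - date: 2018-08-01T00:00:00.000Z
            score: 5
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 4
            comment: ''
            auto_generated: false
  - technique_id: T1546.012
    technique_name: Image File Execution Options Injection
    detection:
      - applicable_to:
          - all
        location:
          - Tool
        comment: ''
        score_logbook:
          - date: 2018-11-01T00:00:00.000Z
            score: 2
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: false
  - technique_id: T1547.008
    technique_name: LSASS Driver
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.002
    technique_name: Screensaver
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1134
    technique_name: Access Token Manipulation
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.011
    technique_name: Application Shimming
    detection:
      - applicable_to:
          - all
        location:
          - SIEM
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1140
    technique_name: Deobfuscate/Decode Files or Information
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1136
    technique_name: Create Account
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1137
    technique_name: Office Application Startup
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1564.001
    technique_name: Hidden Files and Directories
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1135
    technique_name: Network Share Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1132
    technique_name: Data Encoding
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1547.002
    technique_name: Authentication Package
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1129
    technique_name: Shared Modules
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.007
    technique_name: Netsh Helper DLL
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1127
    technique_name: Trusted Developer Utilities Proxy Execution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: false
  - technique_id: T1070.005
    technique_name: Network Share Connection Removal
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1125
    technique_name: Video Capture
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1124
    technique_name: System Time Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1123
    technique_name: Audio Capture
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.015
    technique_name: Component Object Model Hijacking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1218.009
    technique_name: Regsvcs/Regasm
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1218.004
    technique_name: InstallUtil
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1218.010
    technique_name: Regsvr32
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1114
    technique_name: Email Collection
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1113
    technique_name: Screen Capture
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1112
    technique_name: Modify Registry
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1111
    technique_name: Two-Factor Authentication Interception
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1542.002
    technique_name: Component Firmware
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1106
    technique_name: Native API
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1105
    technique_name: Ingress Tool Transfer
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.010
    technique_name: AppInit DLLs
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1102
    technique_name: Web Service
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1547.005
    technique_name: Security Support Provider
    detection:
      - applicable_to:
          - all
        location:
          - SIEM UC 789
        comment: ''
        score_logbook:
          - date: 2018-11-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 3
            comment: ''
            auto_generated: false
  - technique_id: T1505.003
    technique_name: Web Shell
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1070.006
    technique_name: Timestomp
    detection:
      - applicable_to:
          - all
        location:
          - Tool Model X
        comment: ''
        score_logbook:
          - date: 2018-11-01T00:00:00.000Z
            score: 2
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 4
            comment: ''
            auto_generated: false
  - technique_id: T1095
    technique_name: Non-Application Layer Protocol
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 3
            comment: ''
            auto_generated: false
  - technique_id: T1055.012
    technique_name: Process Hollowing
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1090
    technique_name: Proxy
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1562.001
    technique_name: Disable or Modify Tools
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1548.002
    technique_name: Bypass User Access Control
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1087
    technique_name: Account Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1059.001
    technique_name: PowerShell
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: false
  - technique_id: T1218.011
    technique_name: Rundll32
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1083
    technique_name: File and Directory Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1082
    technique_name: System Information Discovery
    detection:
      - applicable_to:
          - all
        location:
          - Third party product A
        comment: ''
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1080
    technique_name: Taint Shared Content
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1078
    technique_name: Valid Accounts
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1021.002
    technique_name: SMB/Windows Admin Shares
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: 2018-10-01T00:00:00.000Z
            score: 0
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1021.001
    technique_name: Remote Desktop Protocol
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1074
    technique_name: Data Staged
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1574.002
    technique_name: DLL Side-Loading
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1071.001
    technique_name: Web Protocols
    detection:
      - applicable_to:
          - all
        location:
          - SIEM UC 123
        comment: ''
        score_logbook:
          - date: 2018-11-01T00:00:00.000Z
            score: 2
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: false
  - technique_id: T1070
    technique_name: Indicator Removal on Host
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1069
    technique_name: Permission Groups Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1068
    technique_name: Exploitation for Privilege Escalation
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1027.005
    technique_name: Indicator Removal from Tools
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-07-30T00:00:00.000Z
            score: 2
            comment: 'New data source: Process use of network'
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1571
    technique_name: Non-Standard Port
    detection:
      - applicable_to:
          - all
        location:
          - Model B
        comment: ''
        score_logbook:
          - date: 2018-10-01T00:00:00.000Z
            score: 5
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 3
            comment: ''
            auto_generated: false
  - technique_id: T1059.005
    technique_name: Visual Basic
    detection:
      - applicable_to:
          - all
        location:
          - EDR
          - AV Product
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1518.001
    technique_name: Security Software Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1547.001
    technique_name: Registry Run Keys / Startup Folder
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1059
    technique_name: Command and Scripting Interpreter
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1574.011
    technique_name: Services Registry Permissions Weakness
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1057
    technique_name: Process Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1056
    technique_name: Input Capture
    detection:
      - applicable_to:
          - client endpoints
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 3
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1055
    technique_name: Process Injection
    detection:
      - applicable_to:
          - all
        location:
          - EDR
        comment: ''
        score_logbook:
          - date: 2018-12-01T00:00:00.000Z
            score: 4
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1562.006
    technique_name: Indicator Blocking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1053
    technique_name: Scheduled Task/Job
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1049
    technique_name: System Network Connections Discovery
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1048
    technique_name: Exfiltration Over Alternative Protocol
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1047
    technique_name: Windows Management Instrumentation
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 1
            comment: ''
            auto_generated: true
  - technique_id: T1546.001
    technique_name: Change Default File Association
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  - technique_id: T1041
    technique_name: Exfiltration Over C2 Channel
    detection:
      - applicable_to:
          - all
        location:
          - Third party product A
        comment: ''
        score_logbook:
          - date: 2017-01-01T00:00:00.000Z
            score: 2
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2019-03-01T00:00:00.000Z
            score: 2
            comment: ''
            auto_generated: true
  -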
technique_id: T1040 technique_name: Network Sniffing detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1039 technique_name: Data from Network Shared Drive detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1574.001 technique_name: DLL Search Order Hijacking detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1037.005 technique_name: Boot or Logon Initialization Scripts detection: - applicable_to: - all location: - Model F comment: '' score_logbook: - date: 2018-05-07T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1036.003 technique_name: Rename System Utilities detection: - applicable_to: - all location: - Model C comment: '' score_logbook: - date: 2018-02-01T00:00:00.000Z score: 4 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1569.002 technique_name: Service Execution detection: - applicable_to: - all location: - EDR comment: '' score_logbook: - date: 2018-12-01T00:00:00.000Z score: 4 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1574.007 technique_name: Path 
Interception by PATH Environment Variable detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1033 technique_name: System Owner/User Discovery detection: - applicable_to: - all location: - Third party product A comment: '' score_logbook: - date: 2017-01-01T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1543.003 technique_name: Windows Service detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1030 technique_name: Data Transfer Size Limits detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1029 technique_name: Scheduled Transfer detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1021.006 technique_name: Windows Remote Management detection: - applicable_to: - all 
location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1027 technique_name: Obfuscated Files or Information detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1025 technique_name: Data from Removable Media detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1573 technique_name: Encrypted Channel detection: - applicable_to: - all location: - EDR comment: '' score_logbook: - date: 2018-12-01T00:00:00.000Z score: 0 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1547.009 technique_name: Shortcut Modification detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1020 technique_name: Automated Exfiltration detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' 
auto_generated: true - technique_id: T1018 technique_name: Remote System Discovery detection: - applicable_to: - all location: - Third party product A comment: '' score_logbook: - date: 2017-01-01T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1072 technique_name: Software Deployment Tools detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1016 technique_name: System Network Configuration Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1546.008 technique_name: Accessibility Features detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1547.010 technique_name: Port Monitors detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1012 technique_name: Query 
Registry detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1011 technique_name: Exfiltration Over Other Network Medium detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1010 technique_name: Application Window Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1008 technique_name: Fallback Channels detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1007 technique_name: System Service Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1005 technique_name: Data from Local System detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1547.004 technique_name: Winlogon Helper DLL detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' 
visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1003 technique_name: OS Credential Dumping detection: - applicable_to: - all location: - EDR comment: '' score_logbook: - date: 2018-12-01T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1560 technique_name: Archive Collected Data detection: - applicable_to: - all location: - Model D comment: '' score_logbook: - date: 2017-10-10T00:00:00.000Z score: 2 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1001 technique_name: Data Obfuscation detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1485 technique_name: Data Destruction detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1486 technique_name: Data Encrypted for Impact detection: - applicable_to: - all location: - Model J comment: '' score_logbook: - date: 2015-01-01T00:00:00.000Z score: 4 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 3 comment: '' auto_generated: false - technique_id: T1561.001 technique_name: Disk Content Wipe detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 
2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1499 technique_name: Endpoint Denial of Service detection: - applicable_to: - websites location: - Third party comment: '' score_logbook: - date: 2015-01-01T00:00:00.000Z score: 5 comment: '' visibility: - applicable_to: - websites comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 4 comment: '' auto_generated: false - technique_id: T1490 technique_name: Inhibit System Recovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1498 technique_name: Network Denial of Service detection: - applicable_to: - websites location: - Third party comment: '' score_logbook: - date: 2015-01-01T00:00:00.000Z score: 5 comment: '' visibility: - applicable_to: - websites comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 4 comment: '' auto_generated: false - technique_id: T1496 technique_name: Resource Hijacking detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1565.003 technique_name: Runtime Data Manipulation detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1489 technique_name: Service Stop detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - 
applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1027.004 technique_name: Compile After Delivery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1568.002 technique_name: Domain Generation Algorithms detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 1 comment: '' auto_generated: true - technique_id: T1482 technique_name: Domain Trust Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1480 technique_name: Execution Guardrails detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 4 comment: '' auto_generated: true - technique_id: T1497 technique_name: Virtualization/Sandbox Evasion detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-03-01T00:00:00.000Z score: 2 comment: '' auto_generated: true - technique_id: T1187 technique_name: Forced Authentication detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 1 comment: 'New data source: Process 
use of network' auto_generated: true - technique_id: T1056.002 technique_name: GUI Input Capture detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 2 comment: 'New data source: Process use of network' auto_generated: true - technique_id: T1104 technique_name: Multi-Stage Channels detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 1 comment: 'New data source: Process use of network' auto_generated: true - technique_id: T1046 technique_name: Network Service Scanning detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2019-07-30T00:00:00.000Z score: 1 comment: 'New data source: Process use of network' auto_generated: true - technique_id: T1001.001 technique_name: Junk Data detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1001.002 technique_name: Steganography detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1001.003 technique_name: Protocol Impersonation detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 
2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1003.001 technique_name: LSASS Memory detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1003.002 technique_name: Security Account Manager detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1003.003 technique_name: NTDS detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1003.004 technique_name: LSA Secrets detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1003.005 technique_name: Cached Domain Credentials detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1011.001 technique_name: Exfiltration Over Bluetooth detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' 
score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1021 technique_name: Remote Services detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1021.005 technique_name: VNC detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1027.001 technique_name: Binary Padding detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1036 technique_name: Masquerading detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1036.001 technique_name: Invalid Code Signature detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1036.004 technique_name: Masquerade Task or Service detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' 
score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1036.005 technique_name: Match Legitimate Name or Location detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1037 technique_name: Boot or Logon Initialization Scripts detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1037.001 technique_name: Logon Script (Windows) detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1037.003 technique_name: Network Logon Script detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1048.001 technique_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1048.002 technique_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol detection: - applicable_to: - 
all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1048.003 technique_name: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1052 technique_name: Exfiltration Over Physical Medium detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1052.001 technique_name: Exfiltration over USB detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1053.002 technique_name: At (Windows) detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1053.005 technique_name: Scheduled Task detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.001 
technique_name: Dynamic-link Library Injection detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.002 technique_name: Portable Executable Injection detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.003 technique_name: Thread Execution Hijacking detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.004 technique_name: Asynchronous Procedure Call detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.005 technique_name: Thread Local Storage detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1055.011 technique_name: Extra Window Memory Injection detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: 
introduction of sub-techniques auto_generated: true - technique_id: T1056.001 technique_name: Keylogging detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1059.003 technique_name: Windows Command Shell detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1059.006 technique_name: Python detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1059.007 technique_name: JavaScript/JScript detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1069.001 technique_name: Local Groups detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1069.002 technique_name: Domain Groups detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: 
introduction of sub-techniques auto_generated: true - technique_id: T1069.003 technique_name: Cloud Groups detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1070.001 technique_name: Clear Windows Event Logs detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1071 technique_name: Application Layer Protocol detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1071.002 technique_name: File Transfer Protocols detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1071.003 technique_name: Mail Protocols detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1071.004 technique_name: DNS detection: - applicable_to: - all location: - SIEM UC 128 comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 
2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1074.001 technique_name: Local Data Staging detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1074.002 technique_name: Remote Data Staging detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1078.001 technique_name: Default Accounts detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1078.002 technique_name: Domain Accounts detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1078.004 technique_name: Cloud Accounts detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1087.001 technique_name: Local Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' 
score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1087.002 technique_name: Domain Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1087.003 technique_name: Email Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1087.004 technique_name: Cloud Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 3 comment: introduction of sub-techniques auto_generated: true - technique_id: T1090.001 technique_name: Internal Proxy detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1090.002 technique_name: External Proxy detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1098.001 technique_name: Additional Azure Service Principal Credentials detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - 
applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1098.002 technique_name: Exchange Email Delegate Permissions detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1098.003 technique_name: Add Office 365 Global Administrator Role detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1102.001 technique_name: Dead Drop Resolver detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1102.002 technique_name: Bidirectional Communication detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1102.003 technique_name: One-Way Communication detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1110 technique_name: Brute Force detection: - applicable_to: - all location: - '' comment: '' 
score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1110.001 technique_name: Password Guessing detection: - applicable_to: - all location: - Third party product B comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1110.002 technique_name: Password Cracking detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1110.003 technique_name: Password Spraying detection: - applicable_to: - all location: - Third party product B comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 3 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1110.004 technique_name: Credential Stuffing detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1114.001 technique_name: Local Email Collection detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: 
T1114.002 technique_name: Remote Email Collection detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1114.003 technique_name: Email Forwarding Rule detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 3 comment: introduction of sub-techniques auto_generated: true - technique_id: T1120 technique_name: Peripheral Device Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1127.001 technique_name: MSBuild detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1132.001 technique_name: Standard Encoding detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1132.002 technique_name: Non-Standard Encoding detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques 
auto_generated: true - technique_id: T1134.001 technique_name: Token Impersonation/Theft detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1134.002 technique_name: Create Process with Token detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1134.003 technique_name: Make and Impersonate Token detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1134.004 technique_name: Parent PID Spoofing detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1136.001 technique_name: Local Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1136.002 technique_name: Domain Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 
comment: introduction of sub-techniques auto_generated: true - technique_id: T1136.003 technique_name: Cloud Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.001 technique_name: Office Template Macros detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.002 technique_name: Office Test detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.003 technique_name: Outlook Forms detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.004 technique_name: Outlook Home Page detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.005 technique_name: Outlook Rules detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z 
score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1137.006 technique_name: Add-ins detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1190 technique_name: Exploit Public-Facing Application detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1195 technique_name: Supply Chain Compromise detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1195.002 technique_name: Compromise Software Supply Chain detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1195.003 technique_name: Compromise Hardware Supply Chain detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1197 technique_name: BITS Jobs detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' 
score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1199 technique_name: Trusted Relationship detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1204.001 technique_name: Malicious Link detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1204.002 technique_name: Malicious File detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1213 technique_name: Data from Information Repositories detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1213.002 technique_name: Sharepoint detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1216.001 technique_name: PubPrn detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all 
comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1218.007 technique_name: Msiexec detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1218.008 technique_name: Odbcconf detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1222.001 technique_name: Windows File and Directory Permissions Modification detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1480.001 technique_name: Environmental Keying detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1497.001 technique_name: System Checks detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1497.002 technique_name: User Activity Based Checks detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 
comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1497.003 technique_name: Time Based Evasion detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1498.001 technique_name: Direct Network Flood detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1498.002 technique_name: Reflection Amplification detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1499.001 technique_name: OS Exhaustion Flood detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1499.002 technique_name: Service Exhaustion Flood detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1499.003 technique_name: Application Exhaustion Flood detection: - applicable_to: - all location: - '' 
comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1499.004 technique_name: Application or System Exploitation detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1505 technique_name: Server Software Component detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1518 technique_name: Software Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1526 technique_name: Cloud Service Discovery detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1528 technique_name: Steal Application Access Token detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1529 technique_name: System Shutdown/Reboot 
detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1530 technique_name: Data from Cloud Storage Object detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1531 technique_name: Account Access Removal detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1534 technique_name: Internal Spearphishing detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1535 technique_name: Unused/Unsupported Cloud Regions detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1537 technique_name: Transfer Data to Cloud Account detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - 
technique_id: T1538 technique_name: Cloud Service Dashboard detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1542 technique_name: Pre-OS Boot detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1543 technique_name: Create or Modify System Process detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1546 technique_name: Event Triggered Execution detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1546.003 technique_name: Windows Management Instrumentation Event Subscription detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1546.013 technique_name: PowerShell Profile detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 
comment: introduction of sub-techniques auto_generated: true - technique_id: T1548 technique_name: Abuse Elevation Control Mechanism detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 1 comment: introduction of sub-techniques auto_generated: true - technique_id: T1550 technique_name: Use Alternate Authentication Material detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1550.001 technique_name: Application Access Token detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 4 comment: introduction of sub-techniques auto_generated: true - technique_id: T1550.004 technique_name: Web Session Cookie detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1552 technique_name: Unsecured Credentials detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all comment: '' score_logbook: - date: 2020-07-10T00:00:00.000Z score: 2 comment: introduction of sub-techniques auto_generated: true - technique_id: T1552.005 technique_name: Cloud Instance Metadata API detection: - applicable_to: - all location: - '' comment: '' score_logbook: - date: null score: -1 comment: '' visibility: - applicable_to: - all 
# Layout restored to block-style YAML; every key and value is unchanged.
# The lines before the T1553 entry complete the visibility item of the
# technique that precedes it in the list.
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  # Reading the entries from T1553 through T1578.004:
  # - Every detection score_logbook holds only the placeholder item
  #   (date: null, score: -1). NOTE(review): presumably this means no
  #   detection is recorded - confirm against the tool's scoring table.
  # - Every visibility item has auto_generated: true and the comment
  #   "introduction of sub-techniques". NOTE(review): presumably the tool
  #   produced these scores rather than an analyst assessing them - confirm
  #   before treating them as evidence of coverage.
  - technique_id: T1553
    technique_name: Subvert Trust Controls
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1553.004
    technique_name: Install Root Certificate
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1554
    technique_name: Compromise Client Software Binary
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1555
    technique_name: Credentials from Password Stores
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1555.003
    technique_name: Credentials from Web Browsers
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1556
    technique_name: Modify Authentication Process
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1559
    technique_name: Inter-Process Communication
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1559.001
    technique_name: Component Object Model
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1560.001
    technique_name: Archive via Utility
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1560.002
    technique_name: Archive via Library
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1561
    technique_name: Disk Wipe
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1561.002
    technique_name: Disk Structure Wipe
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  # NOTE(review): T1562, T1562.002 and T1562.004 below carry a visibility
  # score of 1, the lowest value used in this section. These techniques act
  # on logging and firewall controls themselves, so they are worth a manual
  # re-score rather than relying on the auto-generated value.
  - technique_id: T1562
    technique_name: Impair Defenses
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1562.002
    technique_name: Disable Windows Event Logging
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1562.004
    technique_name: Disable or Modify System Firewall
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1562.007
    technique_name: Disable or Modify Cloud Firewall
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1563
    technique_name: Remote Service Session Hijacking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1563.002
    technique_name: RDP Hijacking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1564
    technique_name: Hide Artifacts
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1564.003
    technique_name: Hidden Window
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1564.005
    technique_name: Hidden File System
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1564.006
    technique_name: Run Virtual Instance
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1566
    technique_name: Phishing
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1567
    technique_name: Exfiltration Over Web Service
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1567.001
    technique_name: Exfiltration to Code Repository
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1567.002
    technique_name: Exfiltration to Cloud Storage
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1568
    technique_name: Dynamic Resolution
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1568.001
    technique_name: Fast Flux DNS
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1568.003
    technique_name: DNS Calculation
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1569
    technique_name: System Services
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1570
    technique_name: Lateral Tool Transfer
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1572
    technique_name: Protocol Tunneling
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1573.001
    technique_name: Symmetric Cryptography
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1573.002
    technique_name: Asymmetric Cryptography
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1574
    technique_name: Hijack Execution Flow
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 1
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1574.008
    technique_name: Path Interception by Search Order Hijacking
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1574.009
    technique_name: Path Interception by Unquoted Path
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1574.012
    technique_name: COR_PROFILER
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 2
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1578
    technique_name: Modify Cloud Compute Infrastructure
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1578.001
    technique_name: Create Snapshot
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1578.002
    technique_name: Create Cloud Instance
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1578.003
    technique_name: Delete Cloud Instance
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true
  - technique_id: T1578.004
    technique_name: Revert Cloud Instance
    detection:
      - applicable_to:
          - all
        location:
          - ''
        comment: ''
        score_logbook:
          - date: null
            score: -1
            comment: ''
    visibility:
      - applicable_to:
          - all
        comment: ''
        score_logbook:
          - date: 2020-07-10T00:00:00.000Z
            score: 4
            comment: introduction of sub-techniques
            auto_generated: true