7.2 KiB
7.2 KiB
MITRE ATT&CK Matrix - Linux
Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Execution | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|
.bash_profile and .bashrc | Exploitation of Vulnerability | Binary Padding | Bash History | Account Discovery | Application Deployment Software | Command-Line Interface | Audio Capture | Automated Exfiltration | Commonly Used Port |
Bootkit | Setuid and Setgid | Clear Command History | Brute Force | File and Directory Discovery | Exploitation of Vulnerability | Graphical User Interface | Automated Collection | Data Compressed | Communication Through Removable Media |
Cron Job | Sudo | Disabling Security Tools | Create Account | Permission Groups Discovery | Remote File Copy | Scripting | Clipboard Data | Data Encrypted | Connection Proxy |
Hidden Files and Directories | Valid Accounts | Exploitation of Vulnerability | Credentials in Files | Process Discovery | Remote Services | Source | Data Staged | Data Transfer Size Limits | Custom Command and Control Protocol |
Rc.common | Web Shell | File Deletion | Exploitation of Vulnerability | System Information Discovery | Third-party Software | Space after Filename | Data from Local System | Exfiltration Over Alternative Protocol | Custom Cryptographic Protocol |
Redundant Access | HISTCONTROL | Input Capture | System Network Configuration Discovery | Third-party Software | Data from Network Shared Drive | Exfiltration Over Command and Control Channel | Data Encoding | ||
Trap | Hidden Files and Directories | Network Sniffing | System Network Connections Discovery | Trap | Data from Removable Media | Exfiltration Over Other Network Medium | Data Obfuscation | ||
Valid Accounts | Indicator Removal from Tools | Private Keys | System Owner/User Discovery | Input Capture | Exfiltration Over Physical Medium | Fallback Channels | |||
Web Shell | Indicator Removal on Host | Two-Factor Authentication Interception | Screen Capture | Scheduled Transfer | Multi-Stage Channels | ||||
Install Root Certificate | Multiband Communication | ||||||||
Masquerading | Multilayer Encryption | ||||||||
Redundant Access | Remote File Copy | ||||||||
Scripting | Standard Application Layer Protocol | ||||||||
Space after Filename | Standard Cryptographic Protocol | ||||||||
Timestomp | Standard Non-Application Layer Protocol | ||||||||
Valid Accounts | Uncommonly Used Port | ||||||||
Web Service |