diff --git a/siem-converter/app/dictionaries/tactics.json b/siem-converter/app/dictionaries/tactics.json
new file mode 100644
index 00000000..7c20e614
--- /dev/null
+++ b/siem-converter/app/dictionaries/tactics.json
@@ -0,0 +1,72 @@
+{
+ "credential_access": {
+ "external_id": "TA0006",
+ "url": "https://attack.mitre.org/tactics/TA0006",
+ "tactic": "Credential Access"
+ },
+ "execution": {
+ "external_id": "TA0002",
+ "url": "https://attack.mitre.org/tactics/TA0002",
+ "tactic": "Execution"
+ },
+ "impact": {
+ "external_id": "TA0040",
+ "url": "https://attack.mitre.org/tactics/TA0040",
+ "tactic": "Impact"
+ },
+ "persistence": {
+ "external_id": "TA0003",
+ "url": "https://attack.mitre.org/tactics/TA0003",
+ "tactic": "Persistence"
+ },
+ "privilege_escalation": {
+ "external_id": "TA0004",
+ "url": "https://attack.mitre.org/tactics/TA0004",
+ "tactic": "Privilege Escalation"
+ },
+ "lateral_movement": {
+ "external_id": "TA0008",
+ "url": "https://attack.mitre.org/tactics/TA0008",
+ "tactic": "Lateral Movement"
+ },
+ "defense_evasion": {
+ "external_id": "TA0005",
+ "url": "https://attack.mitre.org/tactics/TA0005",
+ "tactic": "Defense Evasion"
+ },
+ "exfiltration": {
+ "external_id": "TA0010",
+ "url": "https://attack.mitre.org/tactics/TA0010",
+ "tactic": "Exfiltration"
+ },
+ "discovery": {
+ "external_id": "TA0007",
+ "url": "https://attack.mitre.org/tactics/TA0007",
+ "tactic": "Discovery"
+ },
+ "collection": {
+ "external_id": "TA0009",
+ "url": "https://attack.mitre.org/tactics/TA0009",
+ "tactic": "Collection"
+ },
+ "resource_development": {
+ "external_id": "TA0042",
+ "url": "https://attack.mitre.org/tactics/TA0042",
+ "tactic": "Resource Development"
+ },
+ "reconnaissance": {
+ "external_id": "TA0043",
+ "url": "https://attack.mitre.org/tactics/TA0043",
+ "tactic": "Reconnaissance"
+ },
+ "command_and_control": {
+ "external_id": "TA0011",
+ "url": "https://attack.mitre.org/tactics/TA0011",
+ "tactic": "Command and Control"
+ },
+ "initial_access": {
+ "external_id": "TA0001",
+ "url": "https://attack.mitre.org/tactics/TA0001",
+ "tactic": "Initial Access"
+ }
+}
\ No newline at end of file
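Review bot: The two dictionaries added here do not share a join key: tactics.json is keyed by slug (`"credential_access"`) while the `"tactic"` arrays in techniques.json carry display names (`"Credential Access"`), so any lookup from a technique to its tactic entry depends on a case-and-underscore normalisation that is not visible in this diff. Either store the slug in techniques.json, e.g. `"tactic": ["credential_access"]`, or have the loader index tactics.json by its `"tactic"` value. Neither file records which ATT&CK release it was generated from, so entries renamed or deprecated upstream would go unnoticed in rule tagging; since JSON has no comments, that provenance belongs in the loader or an adjacent README. The file also ends without a trailing newline.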
diff --git a/siem-converter/app/dictionaries/techniques.json b/siem-converter/app/dictionaries/techniques.json
new file mode 100644
index 00000000..83323af3
--- /dev/null
+++ b/siem-converter/app/dictionaries/techniques.json
@@ -0,0 +1,3763 @@ +{ + "t1047": { + "technique_id": "T1047", + "technique": "Windows Management Instrumentation", + "url": "https://attack.mitre.org/techniques/T1047", + "tactic": [ + "Execution" + ] + }, + "t1113": { + "technique_id": "T1113", + "technique": "Screen Capture", + "url": "https://attack.mitre.org/techniques/T1113", + "tactic": [ + "Collection" + ] + }, + "t1037": { + "technique_id": "T1037", + "technique": "Boot or Logon Initialization Scripts", + "url": "https://attack.mitre.org/techniques/T1037", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + "t1557": { + "technique_id": "T1557", + "technique": "Adversary-in-the-Middle", + "url": "https://attack.mitre.org/techniques/T1557", + "tactic": [ + "Credential Access", + "Collection" + ] + }, + "t1033": { + "technique_id": "T1033", + "technique": "System Owner/User Discovery", + "url": "https://attack.mitre.org/techniques/T1033", + "tactic": [ + "Discovery" + ] + }, + "t1583": { + "technique_id": "T1583", + "technique": "Acquire Infrastructure", + "url": "https://attack.mitre.org/techniques/T1583", + "tactic": [ + "Resource Development" + ] + }, + "t1613": { + "technique_id": "T1613", + "technique": "Container and Resource Discovery", + "url": "https://attack.mitre.org/techniques/T1613", + "tactic": [ + "Discovery" + ] + }, + "t1592": { + "technique_id": "T1592", + "technique": "Gather Victim Host Information", + "url": "https://attack.mitre.org/techniques/T1592", + "tactic": [ + "Reconnaissance" + ] + }, + "t1003": { + "technique_id": "T1003", + "technique": "OS Credential Dumping", + "url": "https://attack.mitre.org/techniques/T1003", + "tactic": [ + "Credential Access" + ] + }, + "t1129": { + "technique_id": "T1129", + "technique": "Shared Modules", + "url": "https://attack.mitre.org/techniques/T1129", + "tactic": [ + "Execution" + ] + }, + "t1602": { + "technique_id": "T1602", + "technique": "Data from Configuration Repository", + "url": "https://attack.mitre.org/techniques/T1602", 
+ "tactic": [ + "Collection" + ] + }, + "t1006": { + "technique_id": "T1006", + "technique": "Direct Volume Access", + "url": "https://attack.mitre.org/techniques/T1006", + "tactic": [ + "Defense Evasion" + ] + }, + "t1014": { + "technique_id": "T1014", + "technique": "Rootkit", + "url": "https://attack.mitre.org/techniques/T1014", + "tactic": [ + "Defense Evasion" + ] + }, + "t1123": { + "technique_id": "T1123", + "technique": "Audio Capture", + "url": "https://attack.mitre.org/techniques/T1123", + "tactic": [ + "Collection" + ] + }, + "t1543": { + "technique_id": "T1543", + "technique": "Create or Modify System Process", + "url": "https://attack.mitre.org/techniques/T1543", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + "t1133": { + "technique_id": "T1133", + "technique": "External Remote Services", + "url": "https://attack.mitre.org/techniques/T1133", + "tactic": [ + "Persistence", + "Initial Access" + ] + }, + "t1539": { + "technique_id": "T1539", + "technique": "Steal Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1539", + "tactic": [ + "Credential Access" + ] + }, + "t1578": { + "technique_id": "T1578", + "technique": "Modify Cloud Compute Infrastructure", + "url": "https://attack.mitre.org/techniques/T1578", + "tactic": [ + "Defense Evasion" + ] + }, + "t1069": { + "technique_id": "T1069", + "technique": "Permission Groups Discovery", + "url": "https://attack.mitre.org/techniques/T1069", + "tactic": [ + "Discovery" + ] + }, + "t1114": { + "technique_id": "T1114", + "technique": "Email Collection", + "url": "https://attack.mitre.org/techniques/T1114", + "tactic": [ + "Collection" + ] + }, + "t1594": { + "technique_id": "T1594", + "technique": "Search Victim-Owned Websites", + "url": "https://attack.mitre.org/techniques/T1594", + "tactic": [ + "Reconnaissance" + ] + }, + "t1561": { + "technique_id": "T1561", + "technique": "Disk Wipe", + "url": "https://attack.mitre.org/techniques/T1561", + "tactic": [ + "Impact" + ] + 
}, + "t1615": { + "technique_id": "T1615", + "technique": "Group Policy Discovery", + "url": "https://attack.mitre.org/techniques/T1615", + "tactic": [ + "Discovery" + ] + }, + "t1025": { + "technique_id": "T1025", + "technique": "Data from Removable Media", + "url": "https://attack.mitre.org/techniques/T1025", + "tactic": [ + "Collection" + ] + }, + "t1547": { + "technique_id": "T1547", + "technique": "Boot or Logon Autostart Execution", + "url": "https://attack.mitre.org/techniques/T1547", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + "t1600": { + "technique_id": "T1600", + "technique": "Weaken Encryption", + "url": "https://attack.mitre.org/techniques/T1600", + "tactic": [ + "Defense Evasion" + ] + }, + "t1489": { + "technique_id": "T1489", + "technique": "Service Stop", + "url": "https://attack.mitre.org/techniques/T1489", + "tactic": [ + "Impact" + ] + }, + "t1652": { + "technique_id": "T1652", + "technique": "Device Driver Discovery", + "url": "https://attack.mitre.org/techniques/T1652", + "tactic": [ + "Discovery" + ] + }, + "t1564": { + "technique_id": "T1564", + "technique": "Hide Artifacts", + "url": "https://attack.mitre.org/techniques/T1564", + "tactic": [ + "Defense Evasion" + ] + }, + "t1080": { + "technique_id": "T1080", + "technique": "Taint Shared Content", + "url": "https://attack.mitre.org/techniques/T1080", + "tactic": [ + "Lateral Movement" + ] + }, + "t1137": { + "technique_id": "T1137", + "technique": "Office Application Startup", + "url": "https://attack.mitre.org/techniques/T1137", + "tactic": [ + "Persistence" + ] + }, + "t1119": { + "technique_id": "T1119", + "technique": "Automated Collection", + "url": "https://attack.mitre.org/techniques/T1119", + "tactic": [ + "Collection" + ] + }, + "t1115": { + "technique_id": "T1115", + "technique": "Clipboard Data", + "url": "https://attack.mitre.org/techniques/T1115", + "tactic": [ + "Collection" + ] + }, + "t1007": { + "technique_id": "T1007", + "technique": "System Service 
Discovery", + "url": "https://attack.mitre.org/techniques/T1007", + "tactic": [ + "Discovery" + ] + }, + "t1040": { + "technique_id": "T1040", + "technique": "Network Sniffing", + "url": "https://attack.mitre.org/techniques/T1040", + "tactic": [ + "Credential Access", + "Discovery" + ] + }, + "t1530": { + "technique_id": "T1530", + "technique": "Data from Cloud Storage", + "url": "https://attack.mitre.org/techniques/T1530", + "tactic": [ + "Collection" + ] + }, + "t1135": { + "technique_id": "T1135", + "technique": "Network Share Discovery", + "url": "https://attack.mitre.org/techniques/T1135", + "tactic": [ + "Discovery" + ] + }, + "t1120": { + "technique_id": "T1120", + "technique": "Peripheral Device Discovery", + "url": "https://attack.mitre.org/techniques/T1120", + "tactic": [ + "Discovery" + ] + }, + "t1082": { + "technique_id": "T1082", + "technique": "System Information Discovery", + "url": "https://attack.mitre.org/techniques/T1082", + "tactic": [ + "Discovery" + ] + }, + "t1071": { + "technique_id": "T1071", + "technique": "Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1071", + "tactic": [ + "Command and Control" + ] + }, + "t1053": { + "technique_id": "T1053", + "technique": "Scheduled Task/Job", + "url": "https://attack.mitre.org/techniques/T1053", + "tactic": [ + "Execution", + "Persistence", + "Privilege Escalation" + ] + }, + "t1176": { + "technique_id": "T1176", + "technique": "Browser Extensions", + "url": "https://attack.mitre.org/techniques/T1176", + "tactic": [ + "Persistence" + ] + }, + "t1106": { + "technique_id": "T1106", + "technique": "Native API", + "url": "https://attack.mitre.org/techniques/T1106", + "tactic": [ + "Execution" + ] + }, + "t1202": { + "technique_id": "T1202", + "technique": "Indirect Command Execution", + "url": "https://attack.mitre.org/techniques/T1202", + "tactic": [ + "Defense Evasion" + ] + }, + "t1091": { + "technique_id": "T1091", + "technique": "Replication Through Removable Media", + 
"url": "https://attack.mitre.org/techniques/T1091", + "tactic": [ + "Lateral Movement", + "Initial Access" + ] + }, + "t1005": { + "technique_id": "T1005", + "technique": "Data from Local System", + "url": "https://attack.mitre.org/techniques/T1005", + "tactic": [ + "Collection" + ] + }, + "t1140": { + "technique_id": "T1140", + "technique": "Deobfuscate/Decode Files or Information", + "url": "https://attack.mitre.org/techniques/T1140", + "tactic": [ + "Defense Evasion" + ] + }, + "t1562": { + "technique_id": "T1562", + "technique": "Impair Defenses", + "url": "https://attack.mitre.org/techniques/T1562", + "tactic": [ + "Defense Evasion" + ] + }, + "t1195": { + "technique_id": "T1195", + "technique": "Supply Chain Compromise", + "url": "https://attack.mitre.org/techniques/T1195", + "tactic": [ + "Initial Access" + ] + }, + "t1190": { + "technique_id": "T1190", + "technique": "Exploit Public-Facing Application", + "url": "https://attack.mitre.org/techniques/T1190", + "tactic": [ + "Initial Access" + ] + }, + "t1558": { + "technique_id": "T1558", + "technique": "Steal or Forge Kerberos Tickets", + "url": "https://attack.mitre.org/techniques/T1558", + "tactic": [ + "Credential Access" + ] + }, + "t1555": { + "technique_id": "T1555", + "technique": "Credentials from Password Stores", + "url": "https://attack.mitre.org/techniques/T1555", + "tactic": [ + "Credential Access" + ] + }, + "t1567": { + "technique_id": "T1567", + "technique": "Exfiltration Over Web Service", + "url": "https://attack.mitre.org/techniques/T1567", + "tactic": [ + "Exfiltration" + ] + }, + "t1219": { + "technique_id": "T1219", + "technique": "Remote Access Software", + "url": "https://attack.mitre.org/techniques/T1219", + "tactic": [ + "Command and Control" + ] + }, + "t1036": { + "technique_id": "T1036", + "technique": "Masquerading", + "url": "https://attack.mitre.org/techniques/T1036", + "tactic": [ + "Defense Evasion" + ] + }, + "t1552": { + "technique_id": "T1552", + "technique": "Unsecured 
Credentials", + "url": "https://attack.mitre.org/techniques/T1552", + "tactic": [ + "Credential Access" + ] + }, + "t1659": { + "technique_id": "T1659", + "technique": "Content Injection", + "url": "https://attack.mitre.org/techniques/T1659", + "tactic": [ + "Initial Access", + "Command and Control" + ] + }, + "t1055": { + "technique_id": "T1055", + "technique": "Process Injection", + "url": "https://attack.mitre.org/techniques/T1055", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + "t1205": { + "technique_id": "T1205", + "technique": "Traffic Signaling", + "url": "https://attack.mitre.org/techniques/T1205", + "tactic": [ + "Defense Evasion", + "Persistence", + "Command and Control" + ] + }, + "t1218": { + "technique_id": "T1218", + "technique": "System Binary Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1218", + "tactic": [ + "Defense Evasion" + ] + }, + "t1620": { + "technique_id": "T1620", + "technique": "Reflective Code Loading", + "url": "https://attack.mitre.org/techniques/T1620", + "tactic": [ + "Defense Evasion" + ] + }, + "t1611": { + "technique_id": "T1611", + "technique": "Escape to Host", + "url": "https://attack.mitre.org/techniques/T1611", + "tactic": [ + "Privilege Escalation" + ] + }, + "t1010": { + "technique_id": "T1010", + "technique": "Application Window Discovery", + "url": "https://attack.mitre.org/techniques/T1010", + "tactic": [ + "Discovery" + ] + }, + "t1029": { + "technique_id": "T1029", + "technique": "Scheduled Transfer", + "url": "https://attack.mitre.org/techniques/T1029", + "tactic": [ + "Exfiltration" + ] + }, + "t1525": { + "technique_id": "T1525", + "technique": "Implant Internal Image", + "url": "https://attack.mitre.org/techniques/T1525", + "tactic": [ + "Persistence" + ] + }, + "t1572": { + "technique_id": "T1572", + "technique": "Protocol Tunneling", + "url": "https://attack.mitre.org/techniques/T1572", + "tactic": [ + "Command and Control" + ] + }, + "t1550": { + "technique_id": 
"T1550", + "technique": "Use Alternate Authentication Material", + "url": "https://attack.mitre.org/techniques/T1550", + "tactic": [ + "Defense Evasion", + "Lateral Movement" + ] + }, + "t1011": { + "technique_id": "T1011", + "technique": "Exfiltration Over Other Network Medium", + "url": "https://attack.mitre.org/techniques/T1011", + "tactic": [ + "Exfiltration" + ] + }, + "t1589": { + "technique_id": "T1589", + "technique": "Gather Victim Identity Information", + "url": "https://attack.mitre.org/techniques/T1589", + "tactic": [ + "Reconnaissance" + ] + }, + "t1560": { + "technique_id": "T1560", + "technique": "Archive Collected Data", + "url": "https://attack.mitre.org/techniques/T1560", + "tactic": [ + "Collection" + ] + }, + "t1185": { + "technique_id": "T1185", + "technique": "Browser Session Hijacking", + "url": "https://attack.mitre.org/techniques/T1185", + "tactic": [ + "Collection" + ] + }, + "t1021": { + "technique_id": "T1021", + "technique": "Remote Services", + "url": "https://attack.mitre.org/techniques/T1021", + "tactic": [ + "Lateral Movement" + ] + }, + "t1596": { + "technique_id": "T1596", + "technique": "Search Open Technical Databases", + "url": "https://attack.mitre.org/techniques/T1596", + "tactic": [ + "Reconnaissance" + ] + }, + "t1207": { + "technique_id": "T1207", + "technique": "Rogue Domain Controller", + "url": "https://attack.mitre.org/techniques/T1207", + "tactic": [ + "Defense Evasion" + ] + }, + "t1610": { + "technique_id": "T1610", + "technique": "Deploy Container", + "url": "https://attack.mitre.org/techniques/T1610", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + "t1112": { + "technique_id": "T1112", + "technique": "Modify Registry", + "url": "https://attack.mitre.org/techniques/T1112", + "tactic": [ + "Defense Evasion" + ] + }, + "t1580": { + "technique_id": "T1580", + "technique": "Cloud Infrastructure Discovery", + "url": "https://attack.mitre.org/techniques/T1580", + "tactic": [ + "Discovery" + ] + }, + "t1491": 
{ + "technique_id": "T1491", + "technique": "Defacement", + "url": "https://attack.mitre.org/techniques/T1491", + "tactic": [ + "Impact" + ] + }, + "t1535": { + "technique_id": "T1535", + "technique": "Unused/Unsupported Cloud Regions", + "url": "https://attack.mitre.org/techniques/T1535", + "tactic": [ + "Defense Evasion" + ] + }, + "t1563": { + "technique_id": "T1563", + "technique": "Remote Service Session Hijacking", + "url": "https://attack.mitre.org/techniques/T1563", + "tactic": [ + "Lateral Movement" + ] + }, + "t1217": { + "technique_id": "T1217", + "technique": "Browser Information Discovery", + "url": "https://attack.mitre.org/techniques/T1217", + "tactic": [ + "Discovery" + ] + }, + "t1092": { + "technique_id": "T1092", + "technique": "Communication Through Removable Media", + "url": "https://attack.mitre.org/techniques/T1092", + "tactic": [ + "Command and Control" + ] + }, + "t1222": { + "technique_id": "T1222", + "technique": "File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222", + "tactic": [ + "Defense Evasion" + ] + }, + "t1595": { + "technique_id": "T1595", + "technique": "Active Scanning", + "url": "https://attack.mitre.org/techniques/T1595", + "tactic": [ + "Reconnaissance" + ] + }, + "t1548": { + "technique_id": "T1548", + "technique": "Abuse Elevation Control Mechanism", + "url": "https://attack.mitre.org/techniques/T1548", + "tactic": [ + "Privilege Escalation", + "Defense Evasion" + ] + }, + "t1125": { + "technique_id": "T1125", + "technique": "Video Capture", + "url": "https://attack.mitre.org/techniques/T1125", + "tactic": [ + "Collection" + ] + }, + "t1016": { + "technique_id": "T1016", + "technique": "System Network Configuration Discovery", + "url": "https://attack.mitre.org/techniques/T1016", + "tactic": [ + "Discovery" + ] + }, + "t1087": { + "technique_id": "T1087", + "technique": "Account Discovery", + "url": "https://attack.mitre.org/techniques/T1087", + "tactic": [ + "Discovery" + ] + 
}, + "t1090": { + "technique_id": "T1090", + "technique": "Proxy", + "url": "https://attack.mitre.org/techniques/T1090", + "tactic": [ + "Command and Control" + ] + }, + "t1059": { + "technique_id": "T1059", + "technique": "Command and Scripting Interpreter", + "url": "https://attack.mitre.org/techniques/T1059", + "tactic": [ + "Execution" + ] + }, + "t1482": { + "technique_id": "T1482", + "technique": "Domain Trust Discovery", + "url": "https://attack.mitre.org/techniques/T1482", + "tactic": [ + "Discovery" + ] + }, + "t1020": { + "technique_id": "T1020", + "technique": "Automated Exfiltration", + "url": "https://attack.mitre.org/techniques/T1020", + "tactic": [ + "Exfiltration" + ] + }, + "t1070": { + "technique_id": "T1070", + "technique": "Indicator Removal", + "url": "https://attack.mitre.org/techniques/T1070", + "tactic": [ + "Defense Evasion" + ] + }, + "t1609": { + "technique_id": "T1609", + "technique": "Container Administration Command", + "url": "https://attack.mitre.org/techniques/T1609", + "tactic": [ + "Execution" + ] + }, + "t1083": { + "technique_id": "T1083", + "technique": "File and Directory Discovery", + "url": "https://attack.mitre.org/techniques/T1083", + "tactic": [ + "Discovery" + ] + }, + "t1568": { + "technique_id": "T1568", + "technique": "Dynamic Resolution", + "url": "https://attack.mitre.org/techniques/T1568", + "tactic": [ + "Command and Control" + ] + }, + "t1647": { + "technique_id": "T1647", + "technique": "Plist File Modification", + "url": "https://attack.mitre.org/techniques/T1647", + "tactic": [ + "Defense Evasion" + ] + }, + "t1074": { + "technique_id": "T1074", + "technique": "Data Staged", + "url": "https://attack.mitre.org/techniques/T1074", + "tactic": [ + "Collection" + ] + }, + "t1649": { + "technique_id": "T1649", + "technique": "Steal or Forge Authentication Certificates", + "url": "https://attack.mitre.org/techniques/T1649", + "tactic": [ + "Credential Access" + ] + }, + "t1049": { + "technique_id": "T1049", + 
"technique": "System Network Connections Discovery", + "url": "https://attack.mitre.org/techniques/T1049", + "tactic": [ + "Discovery" + ] + }, + "t1584": { + "technique_id": "T1584", + "technique": "Compromise Infrastructure", + "url": "https://attack.mitre.org/techniques/T1584", + "tactic": [ + "Resource Development" + ] + }, + "t1542": { + "technique_id": "T1542", + "technique": "Pre-OS Boot", + "url": "https://attack.mitre.org/techniques/T1542", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + "t1612": { + "technique_id": "T1612", + "technique": "Build Image on Host", + "url": "https://attack.mitre.org/techniques/T1612", + "tactic": [ + "Defense Evasion" + ] + }, + "t1586": { + "technique_id": "T1586", + "technique": "Compromise Accounts", + "url": "https://attack.mitre.org/techniques/T1586", + "tactic": [ + "Resource Development" + ] + }, + "t1497": { + "technique_id": "T1497", + "technique": "Virtualization/Sandbox Evasion", + "url": "https://attack.mitre.org/techniques/T1497", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + "t1102": { + "technique_id": "T1102", + "technique": "Web Service", + "url": "https://attack.mitre.org/techniques/T1102", + "tactic": [ + "Command and Control" + ] + }, + "t1608": { + "technique_id": "T1608", + "technique": "Stage Capabilities", + "url": "https://attack.mitre.org/techniques/T1608", + "tactic": [ + "Resource Development" + ] + }, + "t1104": { + "technique_id": "T1104", + "technique": "Multi-Stage Channels", + "url": "https://attack.mitre.org/techniques/T1104", + "tactic": [ + "Command and Control" + ] + }, + "t1657": { + "technique_id": "T1657", + "technique": "Financial Theft", + "url": "https://attack.mitre.org/techniques/T1657", + "tactic": [ + "Impact" + ] + }, + "t1480": { + "technique_id": "T1480", + "technique": "Execution Guardrails", + "url": "https://attack.mitre.org/techniques/T1480", + "tactic": [ + "Defense Evasion" + ] + }, + "t1619": { + "technique_id": "T1619", + "technique": "Cloud 
Storage Object Discovery", + "url": "https://attack.mitre.org/techniques/T1619", + "tactic": [ + "Discovery" + ] + }, + "t1654": { + "technique_id": "T1654", + "technique": "Log Enumeration", + "url": "https://attack.mitre.org/techniques/T1654", + "tactic": [ + "Discovery" + ] + }, + "t1528": { + "technique_id": "T1528", + "technique": "Steal Application Access Token", + "url": "https://attack.mitre.org/techniques/T1528", + "tactic": [ + "Credential Access" + ] + }, + "t1204": { + "technique_id": "T1204", + "technique": "User Execution", + "url": "https://attack.mitre.org/techniques/T1204", + "tactic": [ + "Execution" + ] + }, + "t1057": { + "technique_id": "T1057", + "technique": "Process Discovery", + "url": "https://attack.mitre.org/techniques/T1057", + "tactic": [ + "Discovery" + ] + }, + "t1072": { + "technique_id": "T1072", + "technique": "Software Deployment Tools", + "url": "https://attack.mitre.org/techniques/T1072", + "tactic": [ + "Execution", + "Lateral Movement" + ] + }, + "t1041": { + "technique_id": "T1041", + "technique": "Exfiltration Over C2 Channel", + "url": "https://attack.mitre.org/techniques/T1041", + "tactic": [ + "Exfiltration" + ] + }, + "t1591": { + "technique_id": "T1591", + "technique": "Gather Victim Org Information", + "url": "https://attack.mitre.org/techniques/T1591", + "tactic": [ + "Reconnaissance" + ] + }, + "t1606": { + "technique_id": "T1606", + "technique": "Forge Web Credentials", + "url": "https://attack.mitre.org/techniques/T1606", + "tactic": [ + "Credential Access" + ] + }, + "t1621": { + "technique_id": "T1621", + "technique": "Multi-Factor Authentication Request Generation", + "url": "https://attack.mitre.org/techniques/T1621", + "tactic": [ + "Credential Access" + ] + }, + "t1554": { + "technique_id": "T1554", + "technique": "Compromise Client Software Binary", + "url": "https://attack.mitre.org/techniques/T1554", + "tactic": [ + "Persistence" + ] + }, + "t1212": { + "technique_id": "T1212", + "technique": 
"Exploitation for Credential Access", + "url": "https://attack.mitre.org/techniques/T1212", + "tactic": [ + "Credential Access" + ] + }, + "t1590": { + "technique_id": "T1590", + "technique": "Gather Victim Network Information", + "url": "https://attack.mitre.org/techniques/T1590", + "tactic": [ + "Reconnaissance" + ] + }, + "t1210": { + "technique_id": "T1210", + "technique": "Exploitation of Remote Services", + "url": "https://attack.mitre.org/techniques/T1210", + "tactic": [ + "Lateral Movement" + ] + }, + "t1534": { + "technique_id": "T1534", + "technique": "Internal Spearphishing", + "url": "https://attack.mitre.org/techniques/T1534", + "tactic": [ + "Lateral Movement" + ] + }, + "t1199": { + "technique_id": "T1199", + "technique": "Trusted Relationship", + "url": "https://attack.mitre.org/techniques/T1199", + "tactic": [ + "Initial Access" + ] + }, + "t1593": { + "technique_id": "T1593", + "technique": "Search Open Websites/Domains", + "url": "https://attack.mitre.org/techniques/T1593", + "tactic": [ + "Reconnaissance" + ] + }, + "t1098": { + "technique_id": "T1098", + "technique": "Account Manipulation", + "url": "https://attack.mitre.org/techniques/T1098", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + "t1048": { + "technique_id": "T1048", + "technique": "Exfiltration Over Alternative Protocol", + "url": "https://attack.mitre.org/techniques/T1048", + "tactic": [ + "Exfiltration" + ] + }, + "t1597": { + "technique_id": "T1597", + "technique": "Search Closed Sources", + "url": "https://attack.mitre.org/techniques/T1597", + "tactic": [ + "Reconnaissance" + ] + }, + "t1566": { + "technique_id": "T1566", + "technique": "Phishing", + "url": "https://attack.mitre.org/techniques/T1566", + "tactic": [ + "Initial Access" + ] + }, + "t1110": { + "technique_id": "T1110", + "technique": "Brute Force", + "url": "https://attack.mitre.org/techniques/T1110", + "tactic": [ + "Credential Access" + ] + }, + "t1565": { + "technique_id": "T1565", + 
"technique": "Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565", + "tactic": [ + "Impact" + ] + }, + "t1559": { + "technique_id": "T1559", + "technique": "Inter-Process Communication", + "url": "https://attack.mitre.org/techniques/T1559", + "tactic": [ + "Execution" + ] + }, + "t1001": { + "technique_id": "T1001", + "technique": "Data Obfuscation", + "url": "https://attack.mitre.org/techniques/T1001", + "tactic": [ + "Command and Control" + ] + }, + "t1039": { + "technique_id": "T1039", + "technique": "Data from Network Shared Drive", + "url": "https://attack.mitre.org/techniques/T1039", + "tactic": [ + "Collection" + ] + }, + "t1601": { + "technique_id": "T1601", + "technique": "Modify System Image", + "url": "https://attack.mitre.org/techniques/T1601", + "tactic": [ + "Defense Evasion" + ] + }, + "t1574": { + "technique_id": "T1574", + "technique": "Hijack Execution Flow", + "url": "https://attack.mitre.org/techniques/T1574", + "tactic": [ + "Persistence", + "Privilege Escalation", + "Defense Evasion" + ] + }, + "t1078": { + "technique_id": "T1078", + "technique": "Valid Accounts", + "url": "https://attack.mitre.org/techniques/T1078", + "tactic": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation", + "Initial Access" + ] + }, + "t1571": { + "technique_id": "T1571", + "technique": "Non-Standard Port", + "url": "https://attack.mitre.org/techniques/T1571", + "tactic": [ + "Command and Control" + ] + }, + "t1068": { + "technique_id": "T1068", + "technique": "Exploitation for Privilege Escalation", + "url": "https://attack.mitre.org/techniques/T1068", + "tactic": [ + "Privilege Escalation" + ] + }, + "t1531": { + "technique_id": "T1531", + "technique": "Account Access Removal", + "url": "https://attack.mitre.org/techniques/T1531", + "tactic": [ + "Impact" + ] + }, + "t1027": { + "technique_id": "T1027", + "technique": "Obfuscated Files or Information", + "url": "https://attack.mitre.org/techniques/T1027", + "tactic": [ + "Defense 
Evasion" + ] + }, + "t1201": { + "technique_id": "T1201", + "technique": "Password Policy Discovery", + "url": "https://attack.mitre.org/techniques/T1201", + "tactic": [ + "Discovery" + ] + }, + "t1546": { + "technique_id": "T1546", + "technique": "Event Triggered Execution", + "url": "https://attack.mitre.org/techniques/T1546", + "tactic": [ + "Privilege Escalation", + "Persistence" + ] + }, + "t1187": { + "technique_id": "T1187", + "technique": "Forced Authentication", + "url": "https://attack.mitre.org/techniques/T1187", + "tactic": [ + "Credential Access" + ] + }, + "t1599": { + "technique_id": "T1599", + "technique": "Network Boundary Bridging", + "url": "https://attack.mitre.org/techniques/T1599", + "tactic": [ + "Defense Evasion" + ] + }, + "t1486": { + "technique_id": "T1486", + "technique": "Data Encrypted for Impact", + "url": "https://attack.mitre.org/techniques/T1486", + "tactic": [ + "Impact" + ] + }, + "t1553": { + "technique_id": "T1553", + "technique": "Subvert Trust Controls", + "url": "https://attack.mitre.org/techniques/T1553", + "tactic": [ + "Defense Evasion" + ] + }, + "t1573": { + "technique_id": "T1573", + "technique": "Encrypted Channel", + "url": "https://attack.mitre.org/techniques/T1573", + "tactic": [ + "Command and Control" + ] + }, + "t1056": { + "technique_id": "T1056", + "technique": "Input Capture", + "url": "https://attack.mitre.org/techniques/T1056", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + "t1203": { + "technique_id": "T1203", + "technique": "Exploitation for Client Execution", + "url": "https://attack.mitre.org/techniques/T1203", + "tactic": [ + "Execution" + ] + }, + "t1570": { + "technique_id": "T1570", + "technique": "Lateral Tool Transfer", + "url": "https://attack.mitre.org/techniques/T1570", + "tactic": [ + "Lateral Movement" + ] + }, + "t1095": { + "technique_id": "T1095", + "technique": "Non-Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1095", + "tactic": [ + "Command 
and Control" + ] + }, + "t1012": { + "technique_id": "T1012", + "technique": "Query Registry", + "url": "https://attack.mitre.org/techniques/T1012", + "tactic": [ + "Discovery" + ] + }, + "t1030": { + "technique_id": "T1030", + "technique": "Data Transfer Size Limits", + "url": "https://attack.mitre.org/techniques/T1030", + "tactic": [ + "Exfiltration" + ] + }, + "t1499": { + "technique_id": "T1499", + "technique": "Endpoint Denial of Service", + "url": "https://attack.mitre.org/techniques/T1499", + "tactic": [ + "Impact" + ] + }, + "t1614": { + "technique_id": "T1614", + "technique": "System Location Discovery", + "url": "https://attack.mitre.org/techniques/T1614", + "tactic": [ + "Discovery" + ] + }, + "t1197": { + "technique_id": "T1197", + "technique": "BITS Jobs", + "url": "https://attack.mitre.org/techniques/T1197", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + "t1656": { + "technique_id": "T1656", + "technique": "Impersonation", + "url": "https://attack.mitre.org/techniques/T1656", + "tactic": [ + "Defense Evasion" + ] + }, + "t1132": { + "technique_id": "T1132", + "technique": "Data Encoding", + "url": "https://attack.mitre.org/techniques/T1132", + "tactic": [ + "Command and Control" + ] + }, + "t1598": { + "technique_id": "T1598", + "technique": "Phishing for Information", + "url": "https://attack.mitre.org/techniques/T1598", + "tactic": [ + "Reconnaissance" + ] + }, + "t1496": { + "technique_id": "T1496", + "technique": "Resource Hijacking", + "url": "https://attack.mitre.org/techniques/T1496", + "tactic": [ + "Impact" + ] + }, + "t1585": { + "technique_id": "T1585", + "technique": "Establish Accounts", + "url": "https://attack.mitre.org/techniques/T1585", + "tactic": [ + "Resource Development" + ] + }, + "t1588": { + "technique_id": "T1588", + "technique": "Obtain Capabilities", + "url": "https://attack.mitre.org/techniques/T1588", + "tactic": [ + "Resource Development" + ] + }, + "t1569": { + "technique_id": "T1569", + "technique": 
"System Services", + "url": "https://attack.mitre.org/techniques/T1569", + "tactic": [ + "Execution" + ] + }, + "t1650": { + "technique_id": "T1650", + "technique": "Acquire Access", + "url": "https://attack.mitre.org/techniques/T1650", + "tactic": [ + "Resource Development" + ] + }, + "t1213": { + "technique_id": "T1213", + "technique": "Data from Information Repositories", + "url": "https://attack.mitre.org/techniques/T1213", + "tactic": [ + "Collection" + ] + }, + "t1200": { + "technique_id": "T1200", + "technique": "Hardware Additions", + "url": "https://attack.mitre.org/techniques/T1200", + "tactic": [ + "Initial Access" + ] + }, + "t1505": { + "technique_id": "T1505", + "technique": "Server Software Component", + "url": "https://attack.mitre.org/techniques/T1505", + "tactic": [ + "Persistence" + ] + }, + "t1485": { + "technique_id": "T1485", + "technique": "Data Destruction", + "url": "https://attack.mitre.org/techniques/T1485", + "tactic": [ + "Impact" + ] + }, + "t1537": { + "technique_id": "T1537", + "technique": "Transfer Data to Cloud Account", + "url": "https://attack.mitre.org/techniques/T1537", + "tactic": [ + "Exfiltration" + ] + }, + "t1189": { + "technique_id": "T1189", + "technique": "Drive-by Compromise", + "url": "https://attack.mitre.org/techniques/T1189", + "tactic": [ + "Initial Access" + ] + }, + "t1498": { + "technique_id": "T1498", + "technique": "Network Denial of Service", + "url": "https://attack.mitre.org/techniques/T1498", + "tactic": [ + "Impact" + ] + }, + "t1651": { + "technique_id": "T1651", + "technique": "Cloud Administration Command", + "url": "https://attack.mitre.org/techniques/T1651", + "tactic": [ + "Execution" + ] + }, + "t1221": { + "technique_id": "T1221", + "technique": "Template Injection", + "url": "https://attack.mitre.org/techniques/T1221", + "tactic": [ + "Defense Evasion" + ] + }, + "t1134": { + "technique_id": "T1134", + "technique": "Access Token Manipulation", + "url": 
"https://attack.mitre.org/techniques/T1134", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + "t1111": { + "technique_id": "T1111", + "technique": "Multi-Factor Authentication Interception", + "url": "https://attack.mitre.org/techniques/T1111", + "tactic": [ + "Credential Access" + ] + }, + "t1136": { + "technique_id": "T1136", + "technique": "Create Account", + "url": "https://attack.mitre.org/techniques/T1136", + "tactic": [ + "Persistence" + ] + }, + "t1526": { + "technique_id": "T1526", + "technique": "Cloud Service Discovery", + "url": "https://attack.mitre.org/techniques/T1526", + "tactic": [ + "Discovery" + ] + }, + "t1018": { + "technique_id": "T1018", + "technique": "Remote System Discovery", + "url": "https://attack.mitre.org/techniques/T1018", + "tactic": [ + "Discovery" + ] + }, + "t1046": { + "technique_id": "T1046", + "technique": "Network Service Discovery", + "url": "https://attack.mitre.org/techniques/T1046", + "tactic": [ + "Discovery" + ] + }, + "t1518": { + "technique_id": "T1518", + "technique": "Software Discovery", + "url": "https://attack.mitre.org/techniques/T1518", + "tactic": [ + "Discovery" + ] + }, + "t1538": { + "technique_id": "T1538", + "technique": "Cloud Service Dashboard", + "url": "https://attack.mitre.org/techniques/T1538", + "tactic": [ + "Discovery" + ] + }, + "t1622": { + "technique_id": "T1622", + "technique": "Debugger Evasion", + "url": "https://attack.mitre.org/techniques/T1622", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + "t1052": { + "technique_id": "T1052", + "technique": "Exfiltration Over Physical Medium", + "url": "https://attack.mitre.org/techniques/T1052", + "tactic": [ + "Exfiltration" + ] + }, + "t1105": { + "technique_id": "T1105", + "technique": "Ingress Tool Transfer", + "url": "https://attack.mitre.org/techniques/T1105", + "tactic": [ + "Command and Control" + ] + }, + "t1648": { + "technique_id": "T1648", + "technique": "Serverless Execution", + "url": 
"https://attack.mitre.org/techniques/T1648", + "tactic": [ + "Execution" + ] + }, + "t1653": { + "technique_id": "T1653", + "technique": "Power Settings", + "url": "https://attack.mitre.org/techniques/T1653", + "tactic": [ + "Persistence" + ] + }, + "t1484": { + "technique_id": "T1484", + "technique": "Domain Policy Modification", + "url": "https://attack.mitre.org/techniques/T1484", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + "t1220": { + "technique_id": "T1220", + "technique": "XSL Script Processing", + "url": "https://attack.mitre.org/techniques/T1220", + "tactic": [ + "Defense Evasion" + ] + }, + "t1587": { + "technique_id": "T1587", + "technique": "Develop Capabilities", + "url": "https://attack.mitre.org/techniques/T1587", + "tactic": [ + "Resource Development" + ] + }, + "t1008": { + "technique_id": "T1008", + "technique": "Fallback Channels", + "url": "https://attack.mitre.org/techniques/T1008", + "tactic": [ + "Command and Control" + ] + }, + "t1124": { + "technique_id": "T1124", + "technique": "System Time Discovery", + "url": "https://attack.mitre.org/techniques/T1124", + "tactic": [ + "Discovery" + ] + }, + "t1556": { + "technique_id": "T1556", + "technique": "Modify Authentication Process", + "url": "https://attack.mitre.org/techniques/T1556", + "tactic": [ + "Credential Access", + "Defense Evasion", + "Persistence" + ] + }, + "t1495": { + "technique_id": "T1495", + "technique": "Firmware Corruption", + "url": "https://attack.mitre.org/techniques/T1495", + "tactic": [ + "Impact" + ] + }, + "t1490": { + "technique_id": "T1490", + "technique": "Inhibit System Recovery", + "url": "https://attack.mitre.org/techniques/T1490", + "tactic": [ + "Impact" + ] + }, + "t1216": { + "technique_id": "T1216", + "technique": "System Script Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1216", + "tactic": [ + "Defense Evasion" + ] + }, + "t1211": { + "technique_id": "T1211", + "technique": "Exploitation for Defense Evasion", 
+ "url": "https://attack.mitre.org/techniques/T1211", + "tactic": [ + "Defense Evasion" + ] + }, + "t1127": { + "technique_id": "T1127", + "technique": "Trusted Developer Utilities Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1127", + "tactic": [ + "Defense Evasion" + ] + }, + "t1529": { + "technique_id": "T1529", + "technique": "System Shutdown/Reboot", + "url": "https://attack.mitre.org/techniques/T1529", + "tactic": [ + "Impact" + ] + }, + "t1055.011": { + "technique_id": "T1055.011", + "technique": "Process Injection : Extra Window Memory Injection", + "url": "https://attack.mitre.org/techniques/T1055/011" + }, + "t1053.005": { + "technique_id": "T1053.005", + "technique": "Scheduled Task/Job : Scheduled Task", + "url": "https://attack.mitre.org/techniques/T1053/005" + }, + "t1205.002": { + "technique_id": "T1205.002", + "technique": "Traffic Signaling : Socket Filters", + "url": "https://attack.mitre.org/techniques/T1205/002" + }, + "t1560.001": { + "technique_id": "T1560.001", + "technique": "Archive Collected Data : Archive via Utility", + "url": "https://attack.mitre.org/techniques/T1560/001" + }, + "t1021.005": { + "technique_id": "T1021.005", + "technique": "Remote Services : VNC", + "url": "https://attack.mitre.org/techniques/T1021/005" + }, + "t1027.011": { + "technique_id": "T1027.011", + "technique": "Obfuscated Files or Information : Fileless Storage", + "url": "https://attack.mitre.org/techniques/T1027/011" + }, + "t1218.011": { + "technique_id": "T1218.011", + "technique": "System Binary Proxy Execution : Rundll32", + "url": "https://attack.mitre.org/techniques/T1218/011" + }, + "t1583.007": { + "technique_id": "T1583.007", + "technique": "Acquire Infrastructure : Serverless", + "url": "https://attack.mitre.org/techniques/T1583/007" + }, + "t1132.001": { + "technique_id": "T1132.001", + "technique": "Data Encoding : Standard Encoding", + "url": "https://attack.mitre.org/techniques/T1132/001" + }, + "t1027.009": { + 
"technique_id": "T1027.009", + "technique": "Obfuscated Files or Information : Embedded Payloads", + "url": "https://attack.mitre.org/techniques/T1027/009" + }, + "t1556.003": { + "technique_id": "T1556.003", + "technique": "Modify Authentication Process : Pluggable Authentication Modules", + "url": "https://attack.mitre.org/techniques/T1556/003" + }, + "t1578.004": { + "technique_id": "T1578.004", + "technique": "Modify Cloud Compute Infrastructure : Revert Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/004" + }, + "t1596.003": { + "technique_id": "T1596.003", + "technique": "Search Open Technical Databases : Digital Certificates", + "url": "https://attack.mitre.org/techniques/T1596/003" + }, + "t1056.001": { + "technique_id": "T1056.001", + "technique": "Input Capture : Keylogging", + "url": "https://attack.mitre.org/techniques/T1056/001" + }, + "t1222.002": { + "technique_id": "T1222.002", + "technique": "File and Directory Permissions Modification : Linux and Mac File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222/002" + }, + "t1110.001": { + "technique_id": "T1110.001", + "technique": "Brute Force : Password Guessing", + "url": "https://attack.mitre.org/techniques/T1110/001" + }, + "t1216.001": { + "technique_id": "T1216.001", + "technique": "System Script Proxy Execution : PubPrn", + "url": "https://attack.mitre.org/techniques/T1216/001" + }, + "t1597.002": { + "technique_id": "T1597.002", + "technique": "Search Closed Sources : Purchase Technical Data", + "url": "https://attack.mitre.org/techniques/T1597/002" + }, + "t1561.002": { + "technique_id": "T1561.002", + "technique": "Disk Wipe : Disk Structure Wipe", + "url": "https://attack.mitre.org/techniques/T1561/002" + }, + "t1498.001": { + "technique_id": "T1498.001", + "technique": "Network Denial of Service : Direct Network Flood", + "url": "https://attack.mitre.org/techniques/T1498/001" + }, + "t1574.007": { + "technique_id": "T1574.007", 
+ "technique": "Hijack Execution Flow : Path Interception by PATH Environment Variable", + "url": "https://attack.mitre.org/techniques/T1574/007" + }, + "t1213.002": { + "technique_id": "T1213.002", + "technique": "Data from Information Repositories : Sharepoint", + "url": "https://attack.mitre.org/techniques/T1213/002" + }, + "t1564.008": { + "technique_id": "T1564.008", + "technique": "Hide Artifacts : Email Hiding Rules", + "url": "https://attack.mitre.org/techniques/T1564/008" + }, + "t1491.002": { + "technique_id": "T1491.002", + "technique": "Defacement : External Defacement", + "url": "https://attack.mitre.org/techniques/T1491/002" + }, + "t1590.005": { + "technique_id": "T1590.005", + "technique": "Gather Victim Network Information : IP Addresses", + "url": "https://attack.mitre.org/techniques/T1590/005" + }, + "t1499.001": { + "technique_id": "T1499.001", + "technique": "Endpoint Denial of Service : OS Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/001" + }, + "t1546.013": { + "technique_id": "T1546.013", + "technique": "Event Triggered Execution : PowerShell Profile", + "url": "https://attack.mitre.org/techniques/T1546/013" + }, + "t1059.007": { + "technique_id": "T1059.007", + "technique": "Command and Scripting Interpreter : JavaScript", + "url": "https://attack.mitre.org/techniques/T1059/007" + }, + "t1590.002": { + "technique_id": "T1590.002", + "technique": "Gather Victim Network Information : DNS", + "url": "https://attack.mitre.org/techniques/T1590/002" + }, + "t1546.006": { + "technique_id": "T1546.006", + "technique": "Event Triggered Execution : LC_LOAD_DYLIB Addition", + "url": "https://attack.mitre.org/techniques/T1546/006" + }, + "t1053.007": { + "technique_id": "T1053.007", + "technique": "Scheduled Task/Job : Container Orchestration Job", + "url": "https://attack.mitre.org/techniques/T1053/007" + }, + "t1568.002": { + "technique_id": "T1568.002", + "technique": "Dynamic Resolution : Domain Generation Algorithms", + 
"url": "https://attack.mitre.org/techniques/T1568/002" + }, + "t1036.007": { + "technique_id": "T1036.007", + "technique": "Masquerading : Double File Extension", + "url": "https://attack.mitre.org/techniques/T1036/007" + }, + "t1548.002": { + "technique_id": "T1548.002", + "technique": "Abuse Elevation Control Mechanism : Bypass User Account Control", + "url": "https://attack.mitre.org/techniques/T1548/002" + }, + "t1016.001": { + "technique_id": "T1016.001", + "technique": "System Network Configuration Discovery : Internet Connection Discovery", + "url": "https://attack.mitre.org/techniques/T1016/001" + }, + "t1548.003": { + "technique_id": "T1548.003", + "technique": "Abuse Elevation Control Mechanism : Sudo and Sudo Caching", + "url": "https://attack.mitre.org/techniques/T1548/003" + }, + "t1560.003": { + "technique_id": "T1560.003", + "technique": "Archive Collected Data : Archive via Custom Method", + "url": "https://attack.mitre.org/techniques/T1560/003" + }, + "t1583.008": { + "technique_id": "T1583.008", + "technique": "Acquire Infrastructure : Malvertising", + "url": "https://attack.mitre.org/techniques/T1583/008" + }, + "t1003.002": { + "technique_id": "T1003.002", + "technique": "OS Credential Dumping : Security Account Manager", + "url": "https://attack.mitre.org/techniques/T1003/002" + }, + "t1596.002": { + "technique_id": "T1596.002", + "technique": "Search Open Technical Databases : WHOIS", + "url": "https://attack.mitre.org/techniques/T1596/002" + }, + "t1542.001": { + "technique_id": "T1542.001", + "technique": "Pre-OS Boot : System Firmware", + "url": "https://attack.mitre.org/techniques/T1542/001" + }, + "t1069.003": { + "technique_id": "T1069.003", + "technique": "Permission Groups Discovery : Cloud Groups", + "url": "https://attack.mitre.org/techniques/T1069/003" + }, + "t1574.011": { + "technique_id": "T1574.011", + "technique": "Hijack Execution Flow : Services Registry Permissions Weakness", + "url": 
"https://attack.mitre.org/techniques/T1574/011" + }, + "t1596.001": { + "technique_id": "T1596.001", + "technique": "Search Open Technical Databases : DNS/Passive DNS", + "url": "https://attack.mitre.org/techniques/T1596/001" + }, + "t1499.003": { + "technique_id": "T1499.003", + "technique": "Endpoint Denial of Service : Application Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/003" + }, + "t1195.001": { + "technique_id": "T1195.001", + "technique": "Supply Chain Compromise : Compromise Software Dependencies and Development Tools", + "url": "https://attack.mitre.org/techniques/T1195/001" + }, + "t1588.004": { + "technique_id": "T1588.004", + "technique": "Obtain Capabilities : Digital Certificates", + "url": "https://attack.mitre.org/techniques/T1588/004" + }, + "t1583.002": { + "technique_id": "T1583.002", + "technique": "Acquire Infrastructure : DNS Server", + "url": "https://attack.mitre.org/techniques/T1583/002" + }, + "t1071.004": { + "technique_id": "T1071.004", + "technique": "Application Layer Protocol : DNS", + "url": "https://attack.mitre.org/techniques/T1071/004" + }, + "t1552.005": { + "technique_id": "T1552.005", + "technique": "Unsecured Credentials : Cloud Instance Metadata API", + "url": "https://attack.mitre.org/techniques/T1552/005" + }, + "t1555.002": { + "technique_id": "T1555.002", + "technique": "Credentials from Password Stores : Securityd Memory", + "url": "https://attack.mitre.org/techniques/T1555/002" + }, + "t1542.003": { + "technique_id": "T1542.003", + "technique": "Pre-OS Boot : Bootkit", + "url": "https://attack.mitre.org/techniques/T1542/003" + }, + "t1218.013": { + "technique_id": "T1218.013", + "technique": "System Binary Proxy Execution : Mavinject", + "url": "https://attack.mitre.org/techniques/T1218/013" + }, + "t1074.001": { + "technique_id": "T1074.001", + "technique": "Data Staged : Local Data Staging", + "url": "https://attack.mitre.org/techniques/T1074/001" + }, + "t1036.005": { + "technique_id": 
"T1036.005", + "technique": "Masquerading : Match Legitimate Name or Location", + "url": "https://attack.mitre.org/techniques/T1036/005" + }, + "t1587.003": { + "technique_id": "T1587.003", + "technique": "Develop Capabilities : Digital Certificates", + "url": "https://attack.mitre.org/techniques/T1587/003" + }, + "t1565.001": { + "technique_id": "T1565.001", + "technique": "Data Manipulation : Stored Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/001" + }, + "t1110.002": { + "technique_id": "T1110.002", + "technique": "Brute Force : Password Cracking", + "url": "https://attack.mitre.org/techniques/T1110/002" + }, + "t1114.001": { + "technique_id": "T1114.001", + "technique": "Email Collection : Local Email Collection", + "url": "https://attack.mitre.org/techniques/T1114/001" + }, + "t1555.001": { + "technique_id": "T1555.001", + "technique": "Credentials from Password Stores : Keychain", + "url": "https://attack.mitre.org/techniques/T1555/001" + }, + "t1003.004": { + "technique_id": "T1003.004", + "technique": "OS Credential Dumping : LSA Secrets", + "url": "https://attack.mitre.org/techniques/T1003/004" + }, + "t1606.002": { + "technique_id": "T1606.002", + "technique": "Forge Web Credentials : SAML Tokens", + "url": "https://attack.mitre.org/techniques/T1606/002" + }, + "t1036.008": { + "technique_id": "T1036.008", + "technique": "Masquerading : Masquerade File Type", + "url": "https://attack.mitre.org/techniques/T1036/008" + }, + "t1587.001": { + "technique_id": "T1587.001", + "technique": "Develop Capabilities : Malware", + "url": "https://attack.mitre.org/techniques/T1587/001" + }, + "t1087.002": { + "technique_id": "T1087.002", + "technique": "Account Discovery : Domain Account", + "url": "https://attack.mitre.org/techniques/T1087/002" + }, + "t1547.014": { + "technique_id": "T1547.014", + "technique": "Boot or Logon Autostart Execution : Active Setup", + "url": "https://attack.mitre.org/techniques/T1547/014" + }, + "t1559.002": { + 
"technique_id": "T1559.002", + "technique": "Inter-Process Communication : Dynamic Data Exchange", + "url": "https://attack.mitre.org/techniques/T1559/002" + }, + "t1204.002": { + "technique_id": "T1204.002", + "technique": "User Execution : Malicious File", + "url": "https://attack.mitre.org/techniques/T1204/002" + }, + "t1591.003": { + "technique_id": "T1591.003", + "technique": "Gather Victim Org Information : Identify Business Tempo", + "url": "https://attack.mitre.org/techniques/T1591/003" + }, + "t1592.001": { + "technique_id": "T1592.001", + "technique": "Gather Victim Host Information : Hardware", + "url": "https://attack.mitre.org/techniques/T1592/001" + }, + "t1484.002": { + "technique_id": "T1484.002", + "technique": "Domain Policy Modification : Domain Trust Modification", + "url": "https://attack.mitre.org/techniques/T1484/002" + }, + "t1573.001": { + "technique_id": "T1573.001", + "technique": "Encrypted Channel : Symmetric Cryptography", + "url": "https://attack.mitre.org/techniques/T1573/001" + }, + "t1087.001": { + "technique_id": "T1087.001", + "technique": "Account Discovery : Local Account", + "url": "https://attack.mitre.org/techniques/T1087/001" + }, + "t1586.001": { + "technique_id": "T1586.001", + "technique": "Compromise Accounts : Social Media Accounts", + "url": "https://attack.mitre.org/techniques/T1586/001" + }, + "t1562.009": { + "technique_id": "T1562.009", + "technique": "Impair Defenses : Safe Mode Boot", + "url": "https://attack.mitre.org/techniques/T1562/009" + }, + "t1542.005": { + "technique_id": "T1542.005", + "technique": "Pre-OS Boot : TFTP Boot", + "url": "https://attack.mitre.org/techniques/T1542/005" + }, + "t1543.003": { + "technique_id": "T1543.003", + "technique": "Create or Modify System Process : Windows Service", + "url": "https://attack.mitre.org/techniques/T1543/003" + }, + "t1568.001": { + "technique_id": "T1568.001", + "technique": "Dynamic Resolution : Fast Flux DNS", + "url": 
"https://attack.mitre.org/techniques/T1568/001" + }, + "t1497.001": { + "technique_id": "T1497.001", + "technique": "Virtualization/Sandbox Evasion : System Checks", + "url": "https://attack.mitre.org/techniques/T1497/001" + }, + "t1053.003": { + "technique_id": "T1053.003", + "technique": "Scheduled Task/Job : Cron", + "url": "https://attack.mitre.org/techniques/T1053/003" + }, + "t1069.002": { + "technique_id": "T1069.002", + "technique": "Permission Groups Discovery : Domain Groups", + "url": "https://attack.mitre.org/techniques/T1069/002" + }, + "t1588.006": { + "technique_id": "T1588.006", + "technique": "Obtain Capabilities : Vulnerabilities", + "url": "https://attack.mitre.org/techniques/T1588/006" + }, + "t1566.002": { + "technique_id": "T1566.002", + "technique": "Phishing : Spearphishing Link", + "url": "https://attack.mitre.org/techniques/T1566/002" + }, + "t1070.002": { + "technique_id": "T1070.002", + "technique": "Indicator Removal : Clear Linux or Mac System Logs", + "url": "https://attack.mitre.org/techniques/T1070/002" + }, + "t1499.004": { + "technique_id": "T1499.004", + "technique": "Endpoint Denial of Service : Application or System Exploitation", + "url": "https://attack.mitre.org/techniques/T1499/004" + }, + "t1218.004": { + "technique_id": "T1218.004", + "technique": "System Binary Proxy Execution : InstallUtil", + "url": "https://attack.mitre.org/techniques/T1218/004" + }, + "t1598.003": { + "technique_id": "T1598.003", + "technique": "Phishing for Information : Spearphishing Link", + "url": "https://attack.mitre.org/techniques/T1598/003" + }, + "t1021.004": { + "technique_id": "T1021.004", + "technique": "Remote Services : SSH", + "url": "https://attack.mitre.org/techniques/T1021/004" + }, + "t1098.003": { + "technique_id": "T1098.003", + "technique": "Account Manipulation : Additional Cloud Roles", + "url": "https://attack.mitre.org/techniques/T1098/003" + }, + "t1547.012": { + "technique_id": "T1547.012", + "technique": "Boot or Logon 
Autostart Execution : Print Processors", + "url": "https://attack.mitre.org/techniques/T1547/012" + }, + "t1566.001": { + "technique_id": "T1566.001", + "technique": "Phishing : Spearphishing Attachment", + "url": "https://attack.mitre.org/techniques/T1566/001" + }, + "t1027.008": { + "technique_id": "T1027.008", + "technique": "Obfuscated Files or Information : Stripped Payloads", + "url": "https://attack.mitre.org/techniques/T1027/008" + }, + "t1559.001": { + "technique_id": "T1559.001", + "technique": "Inter-Process Communication : Component Object Model", + "url": "https://attack.mitre.org/techniques/T1559/001" + }, + "t1574.001": { + "technique_id": "T1574.001", + "technique": "Hijack Execution Flow : DLL Search Order Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/001" + }, + "t1003.007": { + "technique_id": "T1003.007", + "technique": "OS Credential Dumping : Proc Filesystem", + "url": "https://attack.mitre.org/techniques/T1003/007" + }, + "t1583.005": { + "technique_id": "T1583.005", + "technique": "Acquire Infrastructure : Botnet", + "url": "https://attack.mitre.org/techniques/T1583/005" + }, + "t1555.005": { + "technique_id": "T1555.005", + "technique": "Credentials from Password Stores : Password Managers", + "url": "https://attack.mitre.org/techniques/T1555/005" + }, + "t1553.001": { + "technique_id": "T1553.001", + "technique": "Subvert Trust Controls : Gatekeeper Bypass", + "url": "https://attack.mitre.org/techniques/T1553/001" + }, + "t1608.004": { + "technique_id": "T1608.004", + "technique": "Stage Capabilities : Drive-by Target", + "url": "https://attack.mitre.org/techniques/T1608/004" + }, + "t1553.002": { + "technique_id": "T1553.002", + "technique": "Subvert Trust Controls : Code Signing", + "url": "https://attack.mitre.org/techniques/T1553/002" + }, + "t1565.003": { + "technique_id": "T1565.003", + "technique": "Data Manipulation : Runtime Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/003" + }, + 
"t1552.002": { + "technique_id": "T1552.002", + "technique": "Unsecured Credentials : Credentials in Registry", + "url": "https://attack.mitre.org/techniques/T1552/002" + }, + "t1036.009": { + "technique_id": "T1036.009", + "technique": "Masquerading : Break Process Trees", + "url": "https://attack.mitre.org/techniques/T1036/009" + }, + "t1590.004": { + "technique_id": "T1590.004", + "technique": "Gather Victim Network Information : Network Topology", + "url": "https://attack.mitre.org/techniques/T1590/004" + }, + "t1587.002": { + "technique_id": "T1587.002", + "technique": "Develop Capabilities : Code Signing Certificates", + "url": "https://attack.mitre.org/techniques/T1587/002" + }, + "t1222.001": { + "technique_id": "T1222.001", + "technique": "File and Directory Permissions Modification : Windows File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222/001" + }, + "t1137.006": { + "technique_id": "T1137.006", + "technique": "Office Application Startup : Add-ins", + "url": "https://attack.mitre.org/techniques/T1137/006" + }, + "t1505.002": { + "technique_id": "T1505.002", + "technique": "Server Software Component : Transport Agent", + "url": "https://attack.mitre.org/techniques/T1505/002" + }, + "t1074.002": { + "technique_id": "T1074.002", + "technique": "Data Staged : Remote Data Staging", + "url": "https://attack.mitre.org/techniques/T1074/002" + }, + "t1098.006": { + "technique_id": "T1098.006", + "technique": "Account Manipulation : Additional Container Cluster Roles", + "url": "https://attack.mitre.org/techniques/T1098/006" + }, + "t1218.007": { + "technique_id": "T1218.007", + "technique": "System Binary Proxy Execution : Msiexec", + "url": "https://attack.mitre.org/techniques/T1218/007" + }, + "t1590.003": { + "technique_id": "T1590.003", + "technique": "Gather Victim Network Information : Network Trust Dependencies", + "url": "https://attack.mitre.org/techniques/T1590/003" + }, + "t1498.002": { + "technique_id": 
"T1498.002", + "technique": "Network Denial of Service : Reflection Amplification", + "url": "https://attack.mitre.org/techniques/T1498/002" + }, + "t1556.002": { + "technique_id": "T1556.002", + "technique": "Modify Authentication Process : Password Filter DLL", + "url": "https://attack.mitre.org/techniques/T1556/002" + }, + "t1505.005": { + "technique_id": "T1505.005", + "technique": "Server Software Component : Terminal Services DLL", + "url": "https://attack.mitre.org/techniques/T1505/005" + }, + "t1059.002": { + "technique_id": "T1059.002", + "technique": "Command and Scripting Interpreter : AppleScript", + "url": "https://attack.mitre.org/techniques/T1059/002" + }, + "t1499.002": { + "technique_id": "T1499.002", + "technique": "Endpoint Denial of Service : Service Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/002" + }, + "t1195.003": { + "technique_id": "T1195.003", + "technique": "Supply Chain Compromise : Compromise Hardware Supply Chain", + "url": "https://attack.mitre.org/techniques/T1195/003" + }, + "t1070.007": { + "technique_id": "T1070.007", + "technique": "Indicator Removal : Clear Network Connection History and Configurations", + "url": "https://attack.mitre.org/techniques/T1070/007" + }, + "t1558.004": { + "technique_id": "T1558.004", + "technique": "Steal or Forge Kerberos Tickets : AS-REP Roasting", + "url": "https://attack.mitre.org/techniques/T1558/004" + }, + "t1584.003": { + "technique_id": "T1584.003", + "technique": "Compromise Infrastructure : Virtual Private Server", + "url": "https://attack.mitre.org/techniques/T1584/003" + }, + "t1600.001": { + "technique_id": "T1600.001", + "technique": "Weaken Encryption : Reduce Key Space", + "url": "https://attack.mitre.org/techniques/T1600/001" + }, + "t1070.003": { + "technique_id": "T1070.003", + "technique": "Indicator Removal : Clear Command History", + "url": "https://attack.mitre.org/techniques/T1070/003" + }, + "t1137.005": { + "technique_id": "T1137.005", + 
"technique": "Office Application Startup : Outlook Rules", + "url": "https://attack.mitre.org/techniques/T1137/005" + }, + "t1586.003": { + "technique_id": "T1586.003", + "technique": "Compromise Accounts : Cloud Accounts", + "url": "https://attack.mitre.org/techniques/T1586/003" + }, + "t1586.002": { + "technique_id": "T1586.002", + "technique": "Compromise Accounts : Email Accounts", + "url": "https://attack.mitre.org/techniques/T1586/002" + }, + "t1608.001": { + "technique_id": "T1608.001", + "technique": "Stage Capabilities : Upload Malware", + "url": "https://attack.mitre.org/techniques/T1608/001" + }, + "t1583.001": { + "technique_id": "T1583.001", + "technique": "Acquire Infrastructure : Domains", + "url": "https://attack.mitre.org/techniques/T1583/001" + }, + "t1560.002": { + "technique_id": "T1560.002", + "technique": "Archive Collected Data : Archive via Library", + "url": "https://attack.mitre.org/techniques/T1560/002" + }, + "t1055.003": { + "technique_id": "T1055.003", + "technique": "Process Injection : Thread Execution Hijacking", + "url": "https://attack.mitre.org/techniques/T1055/003" + }, + "t1546.011": { + "technique_id": "T1546.011", + "technique": "Event Triggered Execution : Application Shimming", + "url": "https://attack.mitre.org/techniques/T1546/011" + }, + "t1547.010": { + "technique_id": "T1547.010", + "technique": "Boot or Logon Autostart Execution : Port Monitors", + "url": "https://attack.mitre.org/techniques/T1547/010" + }, + "t1070.008": { + "technique_id": "T1070.008", + "technique": "Indicator Removal : Clear Mailbox Data", + "url": "https://attack.mitre.org/techniques/T1070/008" + }, + "t1037.002": { + "technique_id": "T1037.002", + "technique": "Boot or Logon Initialization Scripts : Login Hook", + "url": "https://attack.mitre.org/techniques/T1037/002" + }, + "t1567.004": { + "technique_id": "T1567.004", + "technique": "Exfiltration Over Web Service : Exfiltration Over Webhook", + "url": 
"https://attack.mitre.org/techniques/T1567/004" + }, + "t1021.008": { + "technique_id": "T1021.008", + "technique": "Remote Services : Direct Cloud VM Connections", + "url": "https://attack.mitre.org/techniques/T1021/008" + }, + "t1070.006": { + "technique_id": "T1070.006", + "technique": "Indicator Removal : Timestomp", + "url": "https://attack.mitre.org/techniques/T1070/006" + }, + "t1016.002": { + "technique_id": "T1016.002", + "technique": "System Network Configuration Discovery : Wi-Fi Discovery", + "url": "https://attack.mitre.org/techniques/T1016/002" + }, + "t1564.011": { + "technique_id": "T1564.011", + "technique": "Hide Artifacts : Ignore Process Interrupts", + "url": "https://attack.mitre.org/techniques/T1564/011" + }, + "t1547.009": { + "technique_id": "T1547.009", + "technique": "Boot or Logon Autostart Execution : Shortcut Modification", + "url": "https://attack.mitre.org/techniques/T1547/009" + }, + "t1087.003": { + "technique_id": "T1087.003", + "technique": "Account Discovery : Email Account", + "url": "https://attack.mitre.org/techniques/T1087/003" + }, + "t1497.003": { + "technique_id": "T1497.003", + "technique": "Virtualization/Sandbox Evasion : Time Based Evasion", + "url": "https://attack.mitre.org/techniques/T1497/003" + }, + "t1218.003": { + "technique_id": "T1218.003", + "technique": "System Binary Proxy Execution : CMSTP", + "url": "https://attack.mitre.org/techniques/T1218/003" + }, + "t1563.001": { + "technique_id": "T1563.001", + "technique": "Remote Service Session Hijacking : SSH Hijacking", + "url": "https://attack.mitre.org/techniques/T1563/001" + }, + "t1562.002": { + "technique_id": "T1562.002", + "technique": "Impair Defenses : Disable Windows Event Logging", + "url": "https://attack.mitre.org/techniques/T1562/002" + }, + "t1021.002": { + "technique_id": "T1021.002", + "technique": "Remote Services : SMB/Windows Admin Shares", + "url": "https://attack.mitre.org/techniques/T1021/002" + }, + "t1218.002": { + "technique_id": 
"T1218.002", + "technique": "System Binary Proxy Execution : Control Panel", + "url": "https://attack.mitre.org/techniques/T1218/002" + }, + "t1599.001": { + "technique_id": "T1599.001", + "technique": "Network Boundary Bridging : Network Address Translation Traversal", + "url": "https://attack.mitre.org/techniques/T1599/001" + }, + "t1608.002": { + "technique_id": "T1608.002", + "technique": "Stage Capabilities : Upload Tool", + "url": "https://attack.mitre.org/techniques/T1608/002" + }, + "t1547.005": { + "technique_id": "T1547.005", + "technique": "Boot or Logon Autostart Execution : Security Support Provider", + "url": "https://attack.mitre.org/techniques/T1547/005" + }, + "t1597.001": { + "technique_id": "T1597.001", + "technique": "Search Closed Sources : Threat Intel Vendors", + "url": "https://attack.mitre.org/techniques/T1597/001" + }, + "t1602.002": { + "technique_id": "T1602.002", + "technique": "Data from Configuration Repository : Network Device Configuration Dump", + "url": "https://attack.mitre.org/techniques/T1602/002" + }, + "t1562.004": { + "technique_id": "T1562.004", + "technique": "Impair Defenses : Disable or Modify System Firewall", + "url": "https://attack.mitre.org/techniques/T1562/004" + }, + "t1553.003": { + "technique_id": "T1553.003", + "technique": "Subvert Trust Controls : SIP and Trust Provider Hijacking", + "url": "https://attack.mitre.org/techniques/T1553/003" + }, + "t1071.003": { + "technique_id": "T1071.003", + "technique": "Application Layer Protocol : Mail Protocols", + "url": "https://attack.mitre.org/techniques/T1071/003" + }, + "t1556.007": { + "technique_id": "T1556.007", + "technique": "Modify Authentication Process : Hybrid Identity", + "url": "https://attack.mitre.org/techniques/T1556/007" + }, + "t1595.002": { + "technique_id": "T1595.002", + "technique": "Active Scanning : Vulnerability Scanning", + "url": "https://attack.mitre.org/techniques/T1595/002" + }, + "t1059.009": { + "technique_id": "T1059.009", + 
"technique": "Command and Scripting Interpreter : Cloud API", + "url": "https://attack.mitre.org/techniques/T1059/009" + }, + "t1562.012": { + "technique_id": "T1562.012", + "technique": "Impair Defenses : Disable or Modify Linux Audit System", + "url": "https://attack.mitre.org/techniques/T1562/012" + }, + "t1553.006": { + "technique_id": "T1553.006", + "technique": "Subvert Trust Controls : Code Signing Policy Modification", + "url": "https://attack.mitre.org/techniques/T1553/006" + }, + "t1543.004": { + "technique_id": "T1543.004", + "technique": "Create or Modify System Process : Launch Daemon", + "url": "https://attack.mitre.org/techniques/T1543/004" + }, + "t1555.003": { + "technique_id": "T1555.003", + "technique": "Credentials from Password Stores : Credentials from Web Browsers", + "url": "https://attack.mitre.org/techniques/T1555/003" + }, + "t1574.008": { + "technique_id": "T1574.008", + "technique": "Hijack Execution Flow : Path Interception by Search Order Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/008" + }, + "t1557.003": { + "technique_id": "T1557.003", + "technique": "Adversary-in-the-Middle : DHCP Spoofing", + "url": "https://attack.mitre.org/techniques/T1557/003" + }, + "t1027.001": { + "technique_id": "T1027.001", + "technique": "Obfuscated Files or Information : Binary Padding", + "url": "https://attack.mitre.org/techniques/T1027/001" + }, + "t1505.003": { + "technique_id": "T1505.003", + "technique": "Server Software Component : Web Shell", + "url": "https://attack.mitre.org/techniques/T1505/003" + }, + "t1484.001": { + "technique_id": "T1484.001", + "technique": "Domain Policy Modification : Group Policy Modification", + "url": "https://attack.mitre.org/techniques/T1484/001" + }, + "t1552.004": { + "technique_id": "T1552.004", + "technique": "Unsecured Credentials : Private Keys", + "url": "https://attack.mitre.org/techniques/T1552/004" + }, + "t1583.004": { + "technique_id": "T1583.004", + "technique": "Acquire 
Infrastructure : Server", + "url": "https://attack.mitre.org/techniques/T1583/004" + }, + "t1021.006": { + "technique_id": "T1021.006", + "technique": "Remote Services : Windows Remote Management", + "url": "https://attack.mitre.org/techniques/T1021/006" + }, + "t1011.001": { + "technique_id": "T1011.001", + "technique": "Exfiltration Over Other Network Medium : Exfiltration Over Bluetooth", + "url": "https://attack.mitre.org/techniques/T1011/001" + }, + "t1078.001": { + "technique_id": "T1078.001", + "technique": "Valid Accounts : Default Accounts", + "url": "https://attack.mitre.org/techniques/T1078/001" + }, + "t1547.003": { + "technique_id": "T1547.003", + "technique": "Boot or Logon Autostart Execution : Time Providers", + "url": "https://attack.mitre.org/techniques/T1547/003" + }, + "t1546.005": { + "technique_id": "T1546.005", + "technique": "Event Triggered Execution : Trap", + "url": "https://attack.mitre.org/techniques/T1546/005" + }, + "t1574.006": { + "technique_id": "T1574.006", + "technique": "Hijack Execution Flow : Dynamic Linker Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/006" + }, + "t1136.001": { + "technique_id": "T1136.001", + "technique": "Create Account : Local Account", + "url": "https://attack.mitre.org/techniques/T1136/001" + }, + "t1070.001": { + "technique_id": "T1070.001", + "technique": "Indicator Removal : Clear Windows Event Logs", + "url": "https://attack.mitre.org/techniques/T1070/001" + }, + "t1585.002": { + "technique_id": "T1585.002", + "technique": "Establish Accounts : Email Accounts", + "url": "https://attack.mitre.org/techniques/T1585/002" + }, + "t1557.001": { + "technique_id": "T1557.001", + "technique": "Adversary-in-the-Middle : LLMNR/NBT-NS Poisoning and SMB Relay", + "url": "https://attack.mitre.org/techniques/T1557/001" + }, + "t1003.001": { + "technique_id": "T1003.001", + "technique": "OS Credential Dumping : LSASS Memory", + "url": "https://attack.mitre.org/techniques/T1003/001" + }, + 
"t1134.002": { + "technique_id": "T1134.002", + "technique": "Access Token Manipulation : Create Process with Token", + "url": "https://attack.mitre.org/techniques/T1134/002" + }, + "t1548.001": { + "technique_id": "T1548.001", + "technique": "Abuse Elevation Control Mechanism : Setuid and Setgid", + "url": "https://attack.mitre.org/techniques/T1548/001" + }, + "t1547.004": { + "technique_id": "T1547.004", + "technique": "Boot or Logon Autostart Execution : Winlogon Helper DLL", + "url": "https://attack.mitre.org/techniques/T1547/004" + }, + "t1021.003": { + "technique_id": "T1021.003", + "technique": "Remote Services : Distributed Component Object Model", + "url": "https://attack.mitre.org/techniques/T1021/003" + }, + "t1110.003": { + "technique_id": "T1110.003", + "technique": "Brute Force : Password Spraying", + "url": "https://attack.mitre.org/techniques/T1110/003" + }, + "t1090.002": { + "technique_id": "T1090.002", + "technique": "Proxy : External Proxy", + "url": "https://attack.mitre.org/techniques/T1090/002" + }, + "t1056.003": { + "technique_id": "T1056.003", + "technique": "Input Capture : Web Portal Capture", + "url": "https://attack.mitre.org/techniques/T1056/003" + }, + "t1589.002": { + "technique_id": "T1589.002", + "technique": "Gather Victim Identity Information : Email Addresses", + "url": "https://attack.mitre.org/techniques/T1589/002" + }, + "t1598.004": { + "technique_id": "T1598.004", + "technique": "Phishing for Information : Spearphishing Voice", + "url": "https://attack.mitre.org/techniques/T1598/004" + }, + "t1003.005": { + "technique_id": "T1003.005", + "technique": "OS Credential Dumping : Cached Domain Credentials", + "url": "https://attack.mitre.org/techniques/T1003/005" + }, + "t1098.004": { + "technique_id": "T1098.004", + "technique": "Account Manipulation : SSH Authorized Keys", + "url": "https://attack.mitre.org/techniques/T1098/004" + }, + "t1590.006": { + "technique_id": "T1590.006", + "technique": "Gather Victim Network 
Information : Network Security Appliances", + "url": "https://attack.mitre.org/techniques/T1590/006" + }, + "t1546.012": { + "technique_id": "T1546.012", + "technique": "Event Triggered Execution : Image File Execution Options Injection", + "url": "https://attack.mitre.org/techniques/T1546/012" + }, + "t1218.008": { + "technique_id": "T1218.008", + "technique": "System Binary Proxy Execution : Odbcconf", + "url": "https://attack.mitre.org/techniques/T1218/008" + }, + "t1593.002": { + "technique_id": "T1593.002", + "technique": "Search Open Websites/Domains : Search Engines", + "url": "https://attack.mitre.org/techniques/T1593/002" + }, + "t1591.002": { + "technique_id": "T1591.002", + "technique": "Gather Victim Org Information : Business Relationships", + "url": "https://attack.mitre.org/techniques/T1591/002" + }, + "t1548.005": { + "technique_id": "T1548.005", + "technique": "Abuse Elevation Control Mechanism : Temporary Elevated Cloud Access", + "url": "https://attack.mitre.org/techniques/T1548/005" + }, + "t1055.013": { + "technique_id": "T1055.013", + "technique": "Process Injection : Process Doppelg\u00e4nging", + "url": "https://attack.mitre.org/techniques/T1055/013" + }, + "t1578.003": { + "technique_id": "T1578.003", + "technique": "Modify Cloud Compute Infrastructure : Delete Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/003" + }, + "t1593.003": { + "technique_id": "T1593.003", + "technique": "Search Open Websites/Domains : Code Repositories", + "url": "https://attack.mitre.org/techniques/T1593/003" + }, + "t1574.005": { + "technique_id": "T1574.005", + "technique": "Hijack Execution Flow : Executable Installer File Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1574/005" + }, + "t1546.008": { + "technique_id": "T1546.008", + "technique": "Event Triggered Execution : Accessibility Features", + "url": "https://attack.mitre.org/techniques/T1546/008" + }, + "t1562.006": { + "technique_id": "T1562.006", + 
"technique": "Impair Defenses : Indicator Blocking", + "url": "https://attack.mitre.org/techniques/T1562/006" + }, + "t1136.002": { + "technique_id": "T1136.002", + "technique": "Create Account : Domain Account", + "url": "https://attack.mitre.org/techniques/T1136/002" + }, + "t1589.003": { + "technique_id": "T1589.003", + "technique": "Gather Victim Identity Information : Employee Names", + "url": "https://attack.mitre.org/techniques/T1589/003" + }, + "t1558.001": { + "technique_id": "T1558.001", + "technique": "Steal or Forge Kerberos Tickets : Golden Ticket", + "url": "https://attack.mitre.org/techniques/T1558/001" + }, + "t1592.004": { + "technique_id": "T1592.004", + "technique": "Gather Victim Host Information : Client Configurations", + "url": "https://attack.mitre.org/techniques/T1592/004" + }, + "t1562.007": { + "technique_id": "T1562.007", + "technique": "Impair Defenses : Disable or Modify Cloud Firewall", + "url": "https://attack.mitre.org/techniques/T1562/007" + }, + "t1036.002": { + "technique_id": "T1036.002", + "technique": "Masquerading : Right-to-Left Override", + "url": "https://attack.mitre.org/techniques/T1036/002" + }, + "t1588.001": { + "technique_id": "T1588.001", + "technique": "Obtain Capabilities : Malware", + "url": "https://attack.mitre.org/techniques/T1588/001" + }, + "t1542.002": { + "technique_id": "T1542.002", + "technique": "Pre-OS Boot : Component Firmware", + "url": "https://attack.mitre.org/techniques/T1542/002" + }, + "t1048.001": { + "technique_id": "T1048.001", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Symmetric Encrypted Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/001" + }, + "t1137.001": { + "technique_id": "T1137.001", + "technique": "Office Application Startup : Office Template Macros", + "url": "https://attack.mitre.org/techniques/T1137/001" + }, + "t1583.003": { + "technique_id": "T1583.003", + "technique": "Acquire Infrastructure : Virtual Private Server", + 
"url": "https://attack.mitre.org/techniques/T1583/003" + }, + "t1213.001": { + "technique_id": "T1213.001", + "technique": "Data from Information Repositories : Confluence", + "url": "https://attack.mitre.org/techniques/T1213/001" + }, + "t1550.003": { + "technique_id": "T1550.003", + "technique": "Use Alternate Authentication Material : Pass the Ticket", + "url": "https://attack.mitre.org/techniques/T1550/003" + }, + "t1036.004": { + "technique_id": "T1036.004", + "technique": "Masquerading : Masquerade Task or Service", + "url": "https://attack.mitre.org/techniques/T1036/004" + }, + "t1055.004": { + "technique_id": "T1055.004", + "technique": "Process Injection : Asynchronous Procedure Call", + "url": "https://attack.mitre.org/techniques/T1055/004" + }, + "t1020.001": { + "technique_id": "T1020.001", + "technique": "Automated Exfiltration : Traffic Duplication", + "url": "https://attack.mitre.org/techniques/T1020/001" + }, + "t1546.009": { + "technique_id": "T1546.009", + "technique": "Event Triggered Execution : AppCert DLLs", + "url": "https://attack.mitre.org/techniques/T1546/009" + }, + "t1114.003": { + "technique_id": "T1114.003", + "technique": "Email Collection : Email Forwarding Rule", + "url": "https://attack.mitre.org/techniques/T1114/003" + }, + "t1098.005": { + "technique_id": "T1098.005", + "technique": "Account Manipulation : Device Registration", + "url": "https://attack.mitre.org/techniques/T1098/005" + }, + "t1553.005": { + "technique_id": "T1553.005", + "technique": "Subvert Trust Controls : Mark-of-the-Web Bypass", + "url": "https://attack.mitre.org/techniques/T1553/005" + }, + "t1600.002": { + "technique_id": "T1600.002", + "technique": "Weaken Encryption : Disable Crypto Hardware", + "url": "https://attack.mitre.org/techniques/T1600/002" + }, + "t1055.002": { + "technique_id": "T1055.002", + "technique": "Process Injection : Portable Executable Injection", + "url": "https://attack.mitre.org/techniques/T1055/002" + }, + "t1218.012": { + 
"technique_id": "T1218.012", + "technique": "System Binary Proxy Execution : Verclsid", + "url": "https://attack.mitre.org/techniques/T1218/012" + }, + "t1569.001": { + "technique_id": "T1569.001", + "technique": "System Services : Launchctl", + "url": "https://attack.mitre.org/techniques/T1569/001" + }, + "t1584.005": { + "technique_id": "T1584.005", + "technique": "Compromise Infrastructure : Botnet", + "url": "https://attack.mitre.org/techniques/T1584/005" + }, + "t1059.008": { + "technique_id": "T1059.008", + "technique": "Command and Scripting Interpreter : Network Device CLI", + "url": "https://attack.mitre.org/techniques/T1059/008" + }, + "t1552.003": { + "technique_id": "T1552.003", + "technique": "Unsecured Credentials : Bash History", + "url": "https://attack.mitre.org/techniques/T1552/003" + }, + "t1562.010": { + "technique_id": "T1562.010", + "technique": "Impair Defenses : Downgrade Attack", + "url": "https://attack.mitre.org/techniques/T1562/010" + }, + "t1559.003": { + "technique_id": "T1559.003", + "technique": "Inter-Process Communication : XPC Services", + "url": "https://attack.mitre.org/techniques/T1559/003" + }, + "t1552.001": { + "technique_id": "T1552.001", + "technique": "Unsecured Credentials : Credentials In Files", + "url": "https://attack.mitre.org/techniques/T1552/001" + }, + "t1568.003": { + "technique_id": "T1568.003", + "technique": "Dynamic Resolution : DNS Calculation", + "url": "https://attack.mitre.org/techniques/T1568/003" + }, + "t1218.005": { + "technique_id": "T1218.005", + "technique": "System Binary Proxy Execution : Mshta", + "url": "https://attack.mitre.org/techniques/T1218/005" + }, + "t1547.015": { + "technique_id": "T1547.015", + "technique": "Boot or Logon Autostart Execution : Login Items", + "url": "https://attack.mitre.org/techniques/T1547/015" + }, + "t1608.005": { + "technique_id": "T1608.005", + "technique": "Stage Capabilities : Link Target", + "url": "https://attack.mitre.org/techniques/T1608/005" + }, + 
"t1606.001": { + "technique_id": "T1606.001", + "technique": "Forge Web Credentials : Web Cookies", + "url": "https://attack.mitre.org/techniques/T1606/001" + }, + "t1134.001": { + "technique_id": "T1134.001", + "technique": "Access Token Manipulation : Token Impersonation/Theft", + "url": "https://attack.mitre.org/techniques/T1134/001" + }, + "t1567.001": { + "technique_id": "T1567.001", + "technique": "Exfiltration Over Web Service : Exfiltration to Code Repository", + "url": "https://attack.mitre.org/techniques/T1567/001" + }, + "t1021.007": { + "technique_id": "T1021.007", + "technique": "Remote Services : Cloud Services", + "url": "https://attack.mitre.org/techniques/T1021/007" + }, + "t1205.001": { + "technique_id": "T1205.001", + "technique": "Traffic Signaling : Port Knocking", + "url": "https://attack.mitre.org/techniques/T1205/001" + }, + "t1027.012": { + "technique_id": "T1027.012", + "technique": "Obfuscated Files or Information : LNK Icon Smuggling", + "url": "https://attack.mitre.org/techniques/T1027/012" + }, + "t1583.006": { + "technique_id": "T1583.006", + "technique": "Acquire Infrastructure : Web Services", + "url": "https://attack.mitre.org/techniques/T1583/006" + }, + "t1598.002": { + "technique_id": "T1598.002", + "technique": "Phishing for Information : Spearphishing Attachment", + "url": "https://attack.mitre.org/techniques/T1598/002" + }, + "t1098.001": { + "technique_id": "T1098.001", + "technique": "Account Manipulation : Additional Cloud Credentials", + "url": "https://attack.mitre.org/techniques/T1098/001" + }, + "t1491.001": { + "technique_id": "T1491.001", + "technique": "Defacement : Internal Defacement", + "url": "https://attack.mitre.org/techniques/T1491/001" + }, + "t1564.002": { + "technique_id": "T1564.002", + "technique": "Hide Artifacts : Hidden Users", + "url": "https://attack.mitre.org/techniques/T1564/002" + }, + "t1134.003": { + "technique_id": "T1134.003", + "technique": "Access Token Manipulation : Make and Impersonate 
Token", + "url": "https://attack.mitre.org/techniques/T1134/003" + }, + "t1552.006": { + "technique_id": "T1552.006", + "technique": "Unsecured Credentials : Group Policy Preferences", + "url": "https://attack.mitre.org/techniques/T1552/006" + }, + "t1048.002": { + "technique_id": "T1048.002", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/002" + }, + "t1087.004": { + "technique_id": "T1087.004", + "technique": "Account Discovery : Cloud Account", + "url": "https://attack.mitre.org/techniques/T1087/004" + }, + "t1562.003": { + "technique_id": "T1562.003", + "technique": "Impair Defenses : Impair Command History Logging", + "url": "https://attack.mitre.org/techniques/T1562/003" + }, + "t1556.008": { + "technique_id": "T1556.008", + "technique": "Modify Authentication Process : Network Provider DLL", + "url": "https://attack.mitre.org/techniques/T1556/008" + }, + "t1546.003": { + "technique_id": "T1546.003", + "technique": "Event Triggered Execution : Windows Management Instrumentation Event Subscription", + "url": "https://attack.mitre.org/techniques/T1546/003" + }, + "t1596.004": { + "technique_id": "T1596.004", + "technique": "Search Open Technical Databases : CDNs", + "url": "https://attack.mitre.org/techniques/T1596/004" + }, + "t1497.002": { + "technique_id": "T1497.002", + "technique": "Virtualization/Sandbox Evasion : User Activity Based Checks", + "url": "https://attack.mitre.org/techniques/T1497/002" + }, + "t1585.003": { + "technique_id": "T1585.003", + "technique": "Establish Accounts : Cloud Accounts", + "url": "https://attack.mitre.org/techniques/T1585/003" + }, + "t1134.004": { + "technique_id": "T1134.004", + "technique": "Access Token Manipulation : Parent PID Spoofing", + "url": "https://attack.mitre.org/techniques/T1134/004" + }, + "t1552.008": { + "technique_id": "T1552.008", + "technique": "Unsecured Credentials : Chat Messages", 
+ "url": "https://attack.mitre.org/techniques/T1552/008" + }, + "t1059.001": { + "technique_id": "T1059.001", + "technique": "Command and Scripting Interpreter : PowerShell", + "url": "https://attack.mitre.org/techniques/T1059/001" + }, + "t1546.001": { + "technique_id": "T1546.001", + "technique": "Event Triggered Execution : Change Default File Association", + "url": "https://attack.mitre.org/techniques/T1546/001" + }, + "t1055.014": { + "technique_id": "T1055.014", + "technique": "Process Injection : VDSO Hijacking", + "url": "https://attack.mitre.org/techniques/T1055/014" + }, + "t1071.002": { + "technique_id": "T1071.002", + "technique": "Application Layer Protocol : File Transfer Protocols", + "url": "https://attack.mitre.org/techniques/T1071/002" + }, + "t1546.014": { + "technique_id": "T1546.014", + "technique": "Event Triggered Execution : Emond", + "url": "https://attack.mitre.org/techniques/T1546/014" + }, + "t1102.003": { + "technique_id": "T1102.003", + "technique": "Web Service : One-Way Communication", + "url": "https://attack.mitre.org/techniques/T1102/003" + }, + "t1574.010": { + "technique_id": "T1574.010", + "technique": "Hijack Execution Flow : Services File Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1574/010" + }, + "t1547.001": { + "technique_id": "T1547.001", + "technique": "Boot or Logon Autostart Execution : Registry Run Keys / Startup Folder", + "url": "https://attack.mitre.org/techniques/T1547/001" + }, + "t1136.003": { + "technique_id": "T1136.003", + "technique": "Create Account : Cloud Account", + "url": "https://attack.mitre.org/techniques/T1136/003" + }, + "t1069.001": { + "technique_id": "T1069.001", + "technique": "Permission Groups Discovery : Local Groups", + "url": "https://attack.mitre.org/techniques/T1069/001" + }, + "t1547.006": { + "technique_id": "T1547.006", + "technique": "Boot or Logon Autostart Execution : Kernel Modules and Extensions", + "url": "https://attack.mitre.org/techniques/T1547/006" 
+ }, + "t1056.002": { + "technique_id": "T1056.002", + "technique": "Input Capture : GUI Input Capture", + "url": "https://attack.mitre.org/techniques/T1056/002" + }, + "t1588.002": { + "technique_id": "T1588.002", + "technique": "Obtain Capabilities : Tool", + "url": "https://attack.mitre.org/techniques/T1588/002" + }, + "t1052.001": { + "technique_id": "T1052.001", + "technique": "Exfiltration Over Physical Medium : Exfiltration over USB", + "url": "https://attack.mitre.org/techniques/T1052/001" + }, + "t1574.013": { + "technique_id": "T1574.013", + "technique": "Hijack Execution Flow : KernelCallbackTable", + "url": "https://attack.mitre.org/techniques/T1574/013" + }, + "t1053.006": { + "technique_id": "T1053.006", + "technique": "Scheduled Task/Job : Systemd Timers", + "url": "https://attack.mitre.org/techniques/T1053/006" + }, + "t1542.004": { + "technique_id": "T1542.004", + "technique": "Pre-OS Boot : ROMMONkit", + "url": "https://attack.mitre.org/techniques/T1542/004" + }, + "t1218.001": { + "technique_id": "T1218.001", + "technique": "System Binary Proxy Execution : Compiled HTML File", + "url": "https://attack.mitre.org/techniques/T1218/001" + }, + "t1070.005": { + "technique_id": "T1070.005", + "technique": "Indicator Removal : Network Share Connection Removal", + "url": "https://attack.mitre.org/techniques/T1070/005" + }, + "t1090.003": { + "technique_id": "T1090.003", + "technique": "Proxy : Multi-hop Proxy", + "url": "https://attack.mitre.org/techniques/T1090/003" + }, + "t1059.004": { + "technique_id": "T1059.004", + "technique": "Command and Scripting Interpreter : Unix Shell", + "url": "https://attack.mitre.org/techniques/T1059/004" + }, + "t1137.003": { + "technique_id": "T1137.003", + "technique": "Office Application Startup : Outlook Forms", + "url": "https://attack.mitre.org/techniques/T1137/003" + }, + "t1562.001": { + "technique_id": "T1562.001", + "technique": "Impair Defenses : Disable or Modify Tools", + "url": 
"https://attack.mitre.org/techniques/T1562/001" + }, + "t1584.006": { + "technique_id": "T1584.006", + "technique": "Compromise Infrastructure : Web Services", + "url": "https://attack.mitre.org/techniques/T1584/006" + }, + "t1027.005": { + "technique_id": "T1027.005", + "technique": "Obfuscated Files or Information : Indicator Removal from Tools", + "url": "https://attack.mitre.org/techniques/T1027/005" + }, + "t1204.003": { + "technique_id": "T1204.003", + "technique": "User Execution : Malicious Image", + "url": "https://attack.mitre.org/techniques/T1204/003" + }, + "t1585.001": { + "technique_id": "T1585.001", + "technique": "Establish Accounts : Social Media Accounts", + "url": "https://attack.mitre.org/techniques/T1585/001" + }, + "t1055.012": { + "technique_id": "T1055.012", + "technique": "Process Injection : Process Hollowing", + "url": "https://attack.mitre.org/techniques/T1055/012" + }, + "t1564.009": { + "technique_id": "T1564.009", + "technique": "Hide Artifacts : Resource Forking", + "url": "https://attack.mitre.org/techniques/T1564/009" + }, + "t1110.004": { + "technique_id": "T1110.004", + "technique": "Brute Force : Credential Stuffing", + "url": "https://attack.mitre.org/techniques/T1110/004" + }, + "t1556.006": { + "technique_id": "T1556.006", + "technique": "Modify Authentication Process : Multi-Factor Authentication", + "url": "https://attack.mitre.org/techniques/T1556/006" + }, + "t1114.002": { + "technique_id": "T1114.002", + "technique": "Email Collection : Remote Email Collection", + "url": "https://attack.mitre.org/techniques/T1114/002" + }, + "t1505.004": { + "technique_id": "T1505.004", + "technique": "Server Software Component : IIS Components", + "url": "https://attack.mitre.org/techniques/T1505/004" + }, + "t1036.001": { + "technique_id": "T1036.001", + "technique": "Masquerading : Invalid Code Signature", + "url": "https://attack.mitre.org/techniques/T1036/001" + }, + "t1564.006": { + "technique_id": "T1564.006", + "technique": "Hide 
Artifacts : Run Virtual Instance", + "url": "https://attack.mitre.org/techniques/T1564/006" + }, + "t1546.004": { + "technique_id": "T1546.004", + "technique": "Event Triggered Execution : Unix Shell Configuration Modification", + "url": "https://attack.mitre.org/techniques/T1546/004" + }, + "t1134.005": { + "technique_id": "T1134.005", + "technique": "Access Token Manipulation : SID-History Injection", + "url": "https://attack.mitre.org/techniques/T1134/005" + }, + "t1548.004": { + "technique_id": "T1548.004", + "technique": "Abuse Elevation Control Mechanism : Elevated Execution with Prompt", + "url": "https://attack.mitre.org/techniques/T1548/004" + }, + "t1592.003": { + "technique_id": "T1592.003", + "technique": "Gather Victim Host Information : Firmware", + "url": "https://attack.mitre.org/techniques/T1592/003" + }, + "t1547.002": { + "technique_id": "T1547.002", + "technique": "Boot or Logon Autostart Execution : Authentication Package", + "url": "https://attack.mitre.org/techniques/T1547/002" + }, + "t1218.010": { + "technique_id": "T1218.010", + "technique": "System Binary Proxy Execution : Regsvr32", + "url": "https://attack.mitre.org/techniques/T1218/010" + }, + "t1567.003": { + "technique_id": "T1567.003", + "technique": "Exfiltration Over Web Service : Exfiltration to Text Storage Sites", + "url": "https://attack.mitre.org/techniques/T1567/003" + }, + "t1592.002": { + "technique_id": "T1592.002", + "technique": "Gather Victim Host Information : Software", + "url": "https://attack.mitre.org/techniques/T1592/002" + }, + "t1566.004": { + "technique_id": "T1566.004", + "technique": "Phishing : Spearphishing Voice", + "url": "https://attack.mitre.org/techniques/T1566/004" + }, + "t1587.004": { + "technique_id": "T1587.004", + "technique": "Develop Capabilities : Exploits", + "url": "https://attack.mitre.org/techniques/T1587/004" + }, + "t1593.001": { + "technique_id": "T1593.001", + "technique": "Search Open Websites/Domains : Social Media", + "url": 
"https://attack.mitre.org/techniques/T1593/001" + }, + "t1546.015": { + "technique_id": "T1546.015", + "technique": "Event Triggered Execution : Component Object Model Hijacking", + "url": "https://attack.mitre.org/techniques/T1546/015" + }, + "t1589.001": { + "technique_id": "T1589.001", + "technique": "Gather Victim Identity Information : Credentials", + "url": "https://attack.mitre.org/techniques/T1589/001" + }, + "t1195.002": { + "technique_id": "T1195.002", + "technique": "Supply Chain Compromise : Compromise Software Supply Chain", + "url": "https://attack.mitre.org/techniques/T1195/002" + }, + "t1036.003": { + "technique_id": "T1036.003", + "technique": "Masquerading : Rename System Utilities", + "url": "https://attack.mitre.org/techniques/T1036/003" + }, + "t1102.002": { + "technique_id": "T1102.002", + "technique": "Web Service : Bidirectional Communication", + "url": "https://attack.mitre.org/techniques/T1102/002" + }, + "t1595.003": { + "technique_id": "T1595.003", + "technique": "Active Scanning : Wordlist Scanning", + "url": "https://attack.mitre.org/techniques/T1595/003" + }, + "t1562.011": { + "technique_id": "T1562.011", + "technique": "Impair Defenses : Spoof Security Alerting", + "url": "https://attack.mitre.org/techniques/T1562/011" + }, + "t1137.004": { + "technique_id": "T1137.004", + "technique": "Office Application Startup : Outlook Home Page", + "url": "https://attack.mitre.org/techniques/T1137/004" + }, + "t1573.002": { + "technique_id": "T1573.002", + "technique": "Encrypted Channel : Asymmetric Cryptography", + "url": "https://attack.mitre.org/techniques/T1573/002" + }, + "t1567.002": { + "technique_id": "T1567.002", + "technique": "Exfiltration Over Web Service : Exfiltration to Cloud Storage", + "url": "https://attack.mitre.org/techniques/T1567/002" + }, + "t1574.009": { + "technique_id": "T1574.009", + "technique": "Hijack Execution Flow : Path Interception by Unquoted Path", + "url": "https://attack.mitre.org/techniques/T1574/009" + 
}, + "t1608.003": { + "technique_id": "T1608.003", + "technique": "Stage Capabilities : Install Digital Certificate", + "url": "https://attack.mitre.org/techniques/T1608/003" + }, + "t1037.005": { + "technique_id": "T1037.005", + "technique": "Boot or Logon Initialization Scripts : Startup Items", + "url": "https://attack.mitre.org/techniques/T1037/005" + }, + "t1614.001": { + "technique_id": "T1614.001", + "technique": "System Location Discovery : System Language Discovery", + "url": "https://attack.mitre.org/techniques/T1614/001" + }, + "t1027.003": { + "technique_id": "T1027.003", + "technique": "Obfuscated Files or Information : Steganography", + "url": "https://attack.mitre.org/techniques/T1027/003" + }, + "t1584.002": { + "technique_id": "T1584.002", + "technique": "Compromise Infrastructure : DNS Server", + "url": "https://attack.mitre.org/techniques/T1584/002" + }, + "t1001.003": { + "technique_id": "T1001.003", + "technique": "Data Obfuscation : Protocol Impersonation", + "url": "https://attack.mitre.org/techniques/T1001/003" + }, + "t1550.004": { + "technique_id": "T1550.004", + "technique": "Use Alternate Authentication Material : Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1550/004" + }, + "t1078.002": { + "technique_id": "T1078.002", + "technique": "Valid Accounts : Domain Accounts", + "url": "https://attack.mitre.org/techniques/T1078/002" + }, + "t1218.009": { + "technique_id": "T1218.009", + "technique": "System Binary Proxy Execution : Regsvcs/Regasm", + "url": "https://attack.mitre.org/techniques/T1218/009" + }, + "t1553.004": { + "technique_id": "T1553.004", + "technique": "Subvert Trust Controls : Install Root Certificate", + "url": "https://attack.mitre.org/techniques/T1553/004" + }, + "t1037.003": { + "technique_id": "T1037.003", + "technique": "Boot or Logon Initialization Scripts : Network Logon Script", + "url": "https://attack.mitre.org/techniques/T1037/003" + }, + "t1027.004": { + "technique_id": "T1027.004", + 
"technique": "Obfuscated Files or Information : Compile After Delivery", + "url": "https://attack.mitre.org/techniques/T1027/004" + }, + "t1564.007": { + "technique_id": "T1564.007", + "technique": "Hide Artifacts : VBA Stomping", + "url": "https://attack.mitre.org/techniques/T1564/007" + }, + "t1127.001": { + "technique_id": "T1127.001", + "technique": "Trusted Developer Utilities Proxy Execution : MSBuild", + "url": "https://attack.mitre.org/techniques/T1127/001" + }, + "t1578.005": { + "technique_id": "T1578.005", + "technique": "Modify Cloud Compute Infrastructure : Modify Cloud Compute Configurations", + "url": "https://attack.mitre.org/techniques/T1578/005" + }, + "t1090.004": { + "technique_id": "T1090.004", + "technique": "Proxy : Domain Fronting", + "url": "https://attack.mitre.org/techniques/T1090/004" + }, + "t1557.002": { + "technique_id": "T1557.002", + "technique": "Adversary-in-the-Middle : ARP Cache Poisoning", + "url": "https://attack.mitre.org/techniques/T1557/002" + }, + "t1562.008": { + "technique_id": "T1562.008", + "technique": "Impair Defenses : Disable or Modify Cloud Logs", + "url": "https://attack.mitre.org/techniques/T1562/008" + }, + "t1518.001": { + "technique_id": "T1518.001", + "technique": "Software Discovery : Security Software Discovery", + "url": "https://attack.mitre.org/techniques/T1518/001" + }, + "t1564.003": { + "technique_id": "T1564.003", + "technique": "Hide Artifacts : Hidden Window", + "url": "https://attack.mitre.org/techniques/T1564/003" + }, + "t1059.006": { + "technique_id": "T1059.006", + "technique": "Command and Scripting Interpreter : Python", + "url": "https://attack.mitre.org/techniques/T1059/006" + }, + "t1591.004": { + "technique_id": "T1591.004", + "technique": "Gather Victim Org Information : Identify Roles", + "url": "https://attack.mitre.org/techniques/T1591/004" + }, + "t1546.010": { + "technique_id": "T1546.010", + "technique": "Event Triggered Execution : AppInit DLLs", + "url": 
"https://attack.mitre.org/techniques/T1546/010" + }, + "t1546.002": { + "technique_id": "T1546.002", + "technique": "Event Triggered Execution : Screensaver", + "url": "https://attack.mitre.org/techniques/T1546/002" + }, + "t1578.002": { + "technique_id": "T1578.002", + "technique": "Modify Cloud Compute Infrastructure : Create Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/002" + }, + "t1555.006": { + "technique_id": "T1555.006", + "technique": "Credentials from Password Stores : Cloud Secrets Management Stores", + "url": "https://attack.mitre.org/techniques/T1555/006" + }, + "t1213.003": { + "technique_id": "T1213.003", + "technique": "Data from Information Repositories : Code Repositories", + "url": "https://attack.mitre.org/techniques/T1213/003" + }, + "t1565.002": { + "technique_id": "T1565.002", + "technique": "Data Manipulation : Transmitted Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/002" + }, + "t1003.008": { + "technique_id": "T1003.008", + "technique": "OS Credential Dumping : /etc/passwd and /etc/shadow", + "url": "https://attack.mitre.org/techniques/T1003/008" + }, + "t1543.001": { + "technique_id": "T1543.001", + "technique": "Create or Modify System Process : Launch Agent", + "url": "https://attack.mitre.org/techniques/T1543/001" + }, + "t1059.003": { + "technique_id": "T1059.003", + "technique": "Command and Scripting Interpreter : Windows Command Shell", + "url": "https://attack.mitre.org/techniques/T1059/003" + }, + "t1055.009": { + "technique_id": "T1055.009", + "technique": "Process Injection : Proc Memory", + "url": "https://attack.mitre.org/techniques/T1055/009" + }, + "t1601.001": { + "technique_id": "T1601.001", + "technique": "Modify System Image : Patch System Image", + "url": "https://attack.mitre.org/techniques/T1601/001" + }, + "t1558.002": { + "technique_id": "T1558.002", + "technique": "Steal or Forge Kerberos Tickets : Silver Ticket", + "url": 
"https://attack.mitre.org/techniques/T1558/002" + }, + "t1070.009": { + "technique_id": "T1070.009", + "technique": "Indicator Removal : Clear Persistence", + "url": "https://attack.mitre.org/techniques/T1070/009" + }, + "t1555.004": { + "technique_id": "T1555.004", + "technique": "Credentials from Password Stores : Windows Credential Manager", + "url": "https://attack.mitre.org/techniques/T1555/004" + }, + "t1132.002": { + "technique_id": "T1132.002", + "technique": "Data Encoding : Non-Standard Encoding", + "url": "https://attack.mitre.org/techniques/T1132/002" + }, + "t1556.001": { + "technique_id": "T1556.001", + "technique": "Modify Authentication Process : Domain Controller Authentication", + "url": "https://attack.mitre.org/techniques/T1556/001" + }, + "t1027.006": { + "technique_id": "T1027.006", + "technique": "Obfuscated Files or Information : HTML Smuggling", + "url": "https://attack.mitre.org/techniques/T1027/006" + }, + "t1556.005": { + "technique_id": "T1556.005", + "technique": "Modify Authentication Process : Reversible Encryption", + "url": "https://attack.mitre.org/techniques/T1556/005" + }, + "t1027.010": { + "technique_id": "T1027.010", + "technique": "Obfuscated Files or Information : Command Obfuscation", + "url": "https://attack.mitre.org/techniques/T1027/010" + }, + "t1070.004": { + "technique_id": "T1070.004", + "technique": "Indicator Removal : File Deletion", + "url": "https://attack.mitre.org/techniques/T1070/004" + }, + "t1546.016": { + "technique_id": "T1546.016", + "technique": "Event Triggered Execution : Installer Packages", + "url": "https://attack.mitre.org/techniques/T1546/016" + }, + "t1595.001": { + "technique_id": "T1595.001", + "technique": "Active Scanning : Scanning IP Blocks", + "url": "https://attack.mitre.org/techniques/T1595/001" + }, + "t1037.004": { + "technique_id": "T1037.004", + "technique": "Boot or Logon Initialization Scripts : RC Scripts", + "url": "https://attack.mitre.org/techniques/T1037/004" + }, + 
"t1027.002": { + "technique_id": "T1027.002", + "technique": "Obfuscated Files or Information : Software Packing", + "url": "https://attack.mitre.org/techniques/T1027/002" + }, + "t1584.007": { + "technique_id": "T1584.007", + "technique": "Compromise Infrastructure : Serverless", + "url": "https://attack.mitre.org/techniques/T1584/007" + }, + "t1071.001": { + "technique_id": "T1071.001", + "technique": "Application Layer Protocol : Web Protocols", + "url": "https://attack.mitre.org/techniques/T1071/001" + }, + "t1059.005": { + "technique_id": "T1059.005", + "technique": "Command and Scripting Interpreter : Visual Basic", + "url": "https://attack.mitre.org/techniques/T1059/005" + }, + "t1564.005": { + "technique_id": "T1564.005", + "technique": "Hide Artifacts : Hidden File System", + "url": "https://attack.mitre.org/techniques/T1564/005" + }, + "t1543.002": { + "technique_id": "T1543.002", + "technique": "Create or Modify System Process : Systemd Service", + "url": "https://attack.mitre.org/techniques/T1543/002" + }, + "t1563.002": { + "technique_id": "T1563.002", + "technique": "Remote Service Session Hijacking : RDP Hijacking", + "url": "https://attack.mitre.org/techniques/T1563/002" + }, + "t1547.013": { + "technique_id": "T1547.013", + "technique": "Boot or Logon Autostart Execution : XDG Autostart Entries", + "url": "https://attack.mitre.org/techniques/T1547/013" + }, + "t1584.004": { + "technique_id": "T1584.004", + "technique": "Compromise Infrastructure : Server", + "url": "https://attack.mitre.org/techniques/T1584/004" + }, + "t1590.001": { + "technique_id": "T1590.001", + "technique": "Gather Victim Network Information : Domain Properties", + "url": "https://attack.mitre.org/techniques/T1590/001" + }, + "t1055.005": { + "technique_id": "T1055.005", + "technique": "Process Injection : Thread Local Storage", + "url": "https://attack.mitre.org/techniques/T1055/005" + }, + "t1036.006": { + "technique_id": "T1036.006", + "technique": "Masquerading : Space 
after Filename", + "url": "https://attack.mitre.org/techniques/T1036/006" + }, + "t1547.007": { + "technique_id": "T1547.007", + "technique": "Boot or Logon Autostart Execution : Re-opened Applications", + "url": "https://attack.mitre.org/techniques/T1547/007" + }, + "t1608.006": { + "technique_id": "T1608.006", + "technique": "Stage Capabilities : SEO Poisoning", + "url": "https://attack.mitre.org/techniques/T1608/006" + }, + "t1550.002": { + "technique_id": "T1550.002", + "technique": "Use Alternate Authentication Material : Pass the Hash", + "url": "https://attack.mitre.org/techniques/T1550/002" + }, + "t1574.002": { + "technique_id": "T1574.002", + "technique": "Hijack Execution Flow : DLL Side-Loading", + "url": "https://attack.mitre.org/techniques/T1574/002" + }, + "t1098.002": { + "technique_id": "T1098.002", + "technique": "Account Manipulation : Additional Email Delegate Permissions", + "url": "https://attack.mitre.org/techniques/T1098/002" + }, + "t1588.003": { + "technique_id": "T1588.003", + "technique": "Obtain Capabilities : Code Signing Certificates", + "url": "https://attack.mitre.org/techniques/T1588/003" + }, + "t1055.008": { + "technique_id": "T1055.008", + "technique": "Process Injection : Ptrace System Calls", + "url": "https://attack.mitre.org/techniques/T1055/008" + }, + "t1027.007": { + "technique_id": "T1027.007", + "technique": "Obfuscated Files or Information : Dynamic API Resolution", + "url": "https://attack.mitre.org/techniques/T1027/007" + }, + "t1021.001": { + "technique_id": "T1021.001", + "technique": "Remote Services : Remote Desktop Protocol", + "url": "https://attack.mitre.org/techniques/T1021/001" + }, + "t1037.001": { + "technique_id": "T1037.001", + "technique": "Boot or Logon Initialization Scripts : Logon Script (Windows)", + "url": "https://attack.mitre.org/techniques/T1037/001" + }, + "t1055.015": { + "technique_id": "T1055.015", + "technique": "Process Injection : ListPlanting", + "url": 
"https://attack.mitre.org/techniques/T1055/015" + }, + "t1596.005": { + "technique_id": "T1596.005", + "technique": "Search Open Technical Databases : Scan Databases", + "url": "https://attack.mitre.org/techniques/T1596/005" + }, + "t1564.001": { + "technique_id": "T1564.001", + "technique": "Hide Artifacts : Hidden Files and Directories", + "url": "https://attack.mitre.org/techniques/T1564/001" + }, + "t1578.001": { + "technique_id": "T1578.001", + "technique": "Modify Cloud Compute Infrastructure : Create Snapshot", + "url": "https://attack.mitre.org/techniques/T1578/001" + }, + "t1591.001": { + "technique_id": "T1591.001", + "technique": "Gather Victim Org Information : Determine Physical Locations", + "url": "https://attack.mitre.org/techniques/T1591/001" + }, + "t1137.002": { + "technique_id": "T1137.002", + "technique": "Office Application Startup : Office Test", + "url": "https://attack.mitre.org/techniques/T1137/002" + }, + "t1003.003": { + "technique_id": "T1003.003", + "technique": "OS Credential Dumping : NTDS", + "url": "https://attack.mitre.org/techniques/T1003/003" + }, + "t1602.001": { + "technique_id": "T1602.001", + "technique": "Data from Configuration Repository : SNMP (MIB Dump)", + "url": "https://attack.mitre.org/techniques/T1602/001" + }, + "t1001.002": { + "technique_id": "T1001.002", + "technique": "Data Obfuscation : Steganography", + "url": "https://attack.mitre.org/techniques/T1001/002" + }, + "t1204.001": { + "technique_id": "T1204.001", + "technique": "User Execution : Malicious Link", + "url": "https://attack.mitre.org/techniques/T1204/001" + }, + "t1550.001": { + "technique_id": "T1550.001", + "technique": "Use Alternate Authentication Material : Application Access Token", + "url": "https://attack.mitre.org/techniques/T1550/001" + }, + "t1547.008": { + "technique_id": "T1547.008", + "technique": "Boot or Logon Autostart Execution : LSASS Driver", + "url": "https://attack.mitre.org/techniques/T1547/008" + }, + "t1569.002": { + 
"technique_id": "T1569.002", + "technique": "System Services : Service Execution", + "url": "https://attack.mitre.org/techniques/T1569/002" + }, + "t1078.004": { + "technique_id": "T1078.004", + "technique": "Valid Accounts : Cloud Accounts", + "url": "https://attack.mitre.org/techniques/T1078/004" + }, + "t1480.001": { + "technique_id": "T1480.001", + "technique": "Execution Guardrails : Environmental Keying", + "url": "https://attack.mitre.org/techniques/T1480/001" + }, + "t1564.004": { + "technique_id": "T1564.004", + "technique": "Hide Artifacts : NTFS File Attributes", + "url": "https://attack.mitre.org/techniques/T1564/004" + }, + "t1558.003": { + "technique_id": "T1558.003", + "technique": "Steal or Forge Kerberos Tickets : Kerberoasting", + "url": "https://attack.mitre.org/techniques/T1558/003" + }, + "t1003.006": { + "technique_id": "T1003.006", + "technique": "OS Credential Dumping : DCSync", + "url": "https://attack.mitre.org/techniques/T1003/006" + }, + "t1053.002": { + "technique_id": "T1053.002", + "technique": "Scheduled Task/Job : At", + "url": "https://attack.mitre.org/techniques/T1053/002" + }, + "t1055.001": { + "technique_id": "T1055.001", + "technique": "Process Injection : Dynamic-link Library Injection", + "url": "https://attack.mitre.org/techniques/T1055/001" + }, + "t1588.005": { + "technique_id": "T1588.005", + "technique": "Obtain Capabilities : Exploits", + "url": "https://attack.mitre.org/techniques/T1588/005" + }, + "t1056.004": { + "technique_id": "T1056.004", + "technique": "Input Capture : Credential API Hooking", + "url": "https://attack.mitre.org/techniques/T1056/004" + }, + "t1546.007": { + "technique_id": "T1546.007", + "technique": "Event Triggered Execution : Netsh Helper DLL", + "url": "https://attack.mitre.org/techniques/T1546/007" + }, + "t1566.003": { + "technique_id": "T1566.003", + "technique": "Phishing : Spearphishing via Service", + "url": "https://attack.mitre.org/techniques/T1566/003" + }, + "t1090.001": { + 
"technique_id": "T1090.001", + "technique": "Proxy : Internal Proxy", + "url": "https://attack.mitre.org/techniques/T1090/001" + }, + "t1102.001": { + "technique_id": "T1102.001", + "technique": "Web Service : Dead Drop Resolver", + "url": "https://attack.mitre.org/techniques/T1102/001" + }, + "t1001.001": { + "technique_id": "T1001.001", + "technique": "Data Obfuscation : Junk Data", + "url": "https://attack.mitre.org/techniques/T1001/001" + }, + "t1598.001": { + "technique_id": "T1598.001", + "technique": "Phishing for Information : Spearphishing Service", + "url": "https://attack.mitre.org/techniques/T1598/001" + }, + "t1552.007": { + "technique_id": "T1552.007", + "technique": "Unsecured Credentials : Container API", + "url": "https://attack.mitre.org/techniques/T1552/007" + }, + "t1584.001": { + "technique_id": "T1584.001", + "technique": "Compromise Infrastructure : Domains", + "url": "https://attack.mitre.org/techniques/T1584/001" + }, + "t1505.001": { + "technique_id": "T1505.001", + "technique": "Server Software Component : SQL Stored Procedures", + "url": "https://attack.mitre.org/techniques/T1505/001" + }, + "t1556.004": { + "technique_id": "T1556.004", + "technique": "Modify Authentication Process : Network Device Authentication", + "url": "https://attack.mitre.org/techniques/T1556/004" + }, + "t1561.001": { + "technique_id": "T1561.001", + "technique": "Disk Wipe : Disk Content Wipe", + "url": "https://attack.mitre.org/techniques/T1561/001" + }, + "t1048.003": { + "technique_id": "T1048.003", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Unencrypted Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/003" + }, + "t1574.004": { + "technique_id": "T1574.004", + "technique": "Hijack Execution Flow : Dylib Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/004" + }, + "t1601.002": { + "technique_id": "T1601.002", + "technique": "Modify System Image : Downgrade System Image", + "url": 
"https://attack.mitre.org/techniques/T1601/002" + }, + "t1078.003": { + "technique_id": "T1078.003", + "technique": "Valid Accounts : Local Accounts", + "url": "https://attack.mitre.org/techniques/T1078/003" + }, + "t1218.014": { + "technique_id": "T1218.014", + "technique": "System Binary Proxy Execution : MMC", + "url": "https://attack.mitre.org/techniques/T1218/014" + }, + "t1564.010": { + "technique_id": "T1564.010", + "technique": "Hide Artifacts : Process Argument Spoofing", + "url": "https://attack.mitre.org/techniques/T1564/010" + }, + "t1574.012": { + "technique_id": "T1574.012", + "technique": "Hijack Execution Flow : COR_PROFILER", + "url": "https://attack.mitre.org/techniques/T1574/012" + } +} \ No newline at end of file diff --git a/translator/app/translator/platforms/crowdstrike/const.py b/translator/app/translator/platforms/crowdstrike/const.py index 51dd0c94..f30e50a0 100644 --- a/translator/app/translator/platforms/crowdstrike/const.py +++ b/translator/app/translator/platforms/crowdstrike/const.py @@ -2,10 +2,10 @@ CROWDSTRIKE_QUERY_DETAILS = { "siem_type": "crowdstrike-spl-query", - "name": "CrowdStrike", + "name": "CrowdStrike Endpoint Security", "platform_name": "Query (SPL)", "group_id": "crowdstrike", - "group_name": "CrowdStrike" + "group_name": "CrowdStrike Endpoint Security" } crowdstrike_query_details = PlatformDetails(**CROWDSTRIKE_QUERY_DETAILS) pFad - Phonifier reborn
