Adversary Tactics

| Name | Technique | Tactic |
|---|---|---|
| Active Directory Discovery | Permission Groups Discovery, Local Groups | Discovery |
| Active Directory Kerberos Attacks | Remote System Discovery | Discovery |
| Active Directory Lateral Movement | Remote Services, Windows Remote Management | Lateral Movement |
| Active Directory Password Spraying | Password Spraying, Brute Force | Credential Access |
| Atlassian Confluence Server and Data Center CVE-2022-26134 | Exploit Public-Facing Application | Initial Access |
| Azure Active Directory Account Takeover | Brute Force, Password Spraying | Credential Access |
| BITS Jobs | BITS Jobs, Ingress Tool Transfer | Defense Evasion |
| Baron Samedit CVE-2021-3156 | Exploitation for Privilege Escalation | Privilege Escalation |
| Brute Ratel C4 | Service Stop | Impact |
| CISA AA22-257A | Protocol Tunneling, SSH | Command And Control |
| Caddy Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Cobalt Strike | Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities, MSBuild | Defense Evasion |
| Collection and Staging | Masquerading | Defense Evasion |
| Command and Control | Remote Access Software | Command And Control |
| Credential Dumping | NTDS, OS Credential Dumping | Credential Access |
| DNS Hijacking | Drive-by Compromise | Initial Access |
| Data Exfiltration | Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol | Exfiltration |
| Deobfuscate-Decode Files or Information | Deobfuscate/Decode Files or Information | Defense Evasion |
| Detect Zerologon Attack | LSASS Memory, OS Credential Dumping | Credential Access |
| Disabling Security Tools | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| Domain Trust Discovery | Remote System Discovery | Discovery |
| Double Zero Destructor | Disable or Modify Tools, Impair Defenses | Defense Evasion |
| F5 BIG-IP Vulnerability CVE-2022-1388 | Exploit Public-Facing Application | Initial Access |
| F5 TMUI RCE CVE-2020-5902 | Exploit Public-Facing Application | Initial Access |
| HAFNIUM Group | Automated Exfiltration | Exfiltration |
| Hermetic Wiper | Disk Structure Wipe, Disk Wipe | Impact |
| Ingress Tool Transfer | Automated Exfiltration | Exfiltration |
| Insider Threat | Password Spraying, Brute Force | Credential Access |
| Linux Living Off The Land | Ingress Tool Transfer | Command And Control |
| Linux Persistence Techniques | Sudo and Sudo Caching, Abuse Elevation Control Mechanism | Privilege Escalation |
| Linux Post-Exploitation | Unix Shell | Execution |
| Linux Privilege Escalation | Exploitation for Privilege Escalation | Privilege Escalation |
| Linux Rootkit | System Information Discovery, Rootkit | Discovery |
| Living Off The Land | Bypass User Account Control, Abuse Elevation Control Mechanism | Privilege Escalation |
| Log4Shell CVE-2021-44228 | Automated Exfiltration | Exfiltration |
| Malicious PowerShell | Automated Exfiltration | Exfiltration |
| Masquerading - Rename System Utilities | Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil | Defense Evasion |
| Meterpreter | Command and Scripting Interpreter | Execution |
| Microsoft MSHTML Remote Code Execution CVE-2021-40444 | System Binary Proxy Execution, Rundll32 | Defense Evasion |
| Microsoft Support Diagnostic Tool Vulnerability CVE-2022-30190 | Phishing, Spearphishing Attachment | Initial Access |
| NOBELIUM Group | System Binary Proxy Execution, Mshta | Defense Evasion |
| PetitPotam NTLM Relay on Active Directory Certificate Services | OS Credential Dumping | Credential Access |
| Possible Backdoor Activity Associated With MUDCARP Espionage Campaigns | Automated Exfiltration | Exfiltration |
| ProxyShell | Server Software Component, Web Shell | Persistence |
| SQL Injection | Exploit Public-Facing Application | Initial Access |
| Signed Binary Proxy Execution InstallUtil | Masquerading, Rename System Utilities, System Binary Proxy Execution, InstallUtil | Defense Evasion |
| Silver Sparrow | Data Staged | Collection |
| Spearphishing Attachments | Phishing, Spearphishing Attachment | Initial Access |
| Spring4Shell CVE-2022-22965 | Exploit Public-Facing Application | Initial Access |
| Suspicious Command-Line Executions | Masquerading, Rename System Utilities | Defense Evasion |
| Suspicious Compiled HTML Activity | Compiled HTML File, System Binary Proxy Execution | Defense Evasion |
| Suspicious DNS Traffic | Exfiltration Over Alternative Protocol | Exfiltration |
| Suspicious Emails | Spearphishing Attachment, Phishing | Initial Access |
| Suspicious MSHTA Activity | System Binary Proxy Execution, Mshta | Defense Evasion |
| Suspicious Okta Activity | Valid Accounts, Default Accounts | Defense Evasion |
| Suspicious Regsvcs Regasm Activity | System Binary Proxy Execution, Regsvcs/Regasm | Defense Evasion |
| Suspicious Regsvr32 Activity | System Binary Proxy Execution, Regsvr32 | Defense Evasion |
| Suspicious Rundll32 Activity | NTDS, OS Credential Dumping | Credential Access |
| Suspicious WMI Use | XSL Script Processing | Defense Evasion |
| Suspicious Windows Registry Activities | Services Registry Permissions Weakness | Persistence |
| Suspicious Zoom Child Processes | Exploitation for Privilege Escalation | Privilege Escalation |
| Trusted Developer Utilities Proxy Execution | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| Trusted Developer Utilities Proxy Execution MSBuild | Trusted Developer Utilities Proxy Execution, MSBuild | Defense Evasion |
| VMware Server Side Injection and Privilege Escalation | Exploit Public-Facing Application | Initial Access |
| WhisperGate | Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation | Defense Evasion |
| Windows DNS SIGRed CVE-2020-1350 | Exploitation for Client Execution | Execution |
| Windows Defense Evasion Tactics | Bypass User Account Control, Abuse Elevation Control Mechanism | Privilege Escalation |
| Windows Discovery Techniques | Permission Groups Discovery, Local Groups | Discovery |
| Windows Drivers | Exploitation for Privilege Escalation | Privilege Escalation |
| Windows Log Manipulation | Indicator Removal on Host, Clear Windows Event Logs | Defense Evasion |
| Windows Persistence Techniques | Services Registry Permissions Weakness | Persistence |
| Windows Privilege Escalation | Malicious File | Execution |
| Windows System Binary Proxy Execution MSIExec | Msiexec | Defense Evasion |