Enumeration Members
AbuseElevationControlMechanism
AbuseElevationControlMechanism: "Abuse Elevation Control Mechanism"
AccessTokenManipulation
AccessTokenManipulation: "Access Token Manipulation"
AccountDiscovery
AccountDiscovery: "Account Discovery"
AccountManipulation
AccountManipulation: "Account Manipulation"
ActiveScanning
ActiveScanning: "Active Scanning"
ApplicationLayerProtocol
ApplicationLayerProtocol: "Application Layer Protocol"
AudioCapture
AudioCapture: "Audio Capture"
BootOrLogonAutostartExecution
BootOrLogonAutostartExecution: "Boot or Logon Autostart Execution"
BootOrLogonInitializationScripts
BootOrLogonInitializationScripts: "Boot or Logon Initialization Scripts"
BruteForce
BruteForce: "Brute Force"
CloudInfrastructureDiscovery
CloudInfrastructureDiscovery: "Cloud Infrastructure Discovery"
CloudServiceDashboard
CloudServiceDashboard: "Cloud Service Dashboard"
CloudServiceDiscovery
CloudServiceDiscovery: "Cloud Service Discovery"
CommandAndScriptingInterpreter
CommandAndScriptingInterpreter: "Command and Scripting Interpreter"
CompromiseClientSoftwareBinary
CompromiseClientSoftwareBinary: "Compromise Client Software Binary"
CompromiseInfrastructure
CompromiseInfrastructure: "Compromise Infrastructure"
ContainerAndResourceDiscovery
ContainerAndResourceDiscovery: "Container and Resource Discovery"
CreateAccount
CreateAccount: "Create Account"
CreateOrModifySystemProcess
CreateOrModifySystemProcess: "Create or Modify System Process"
CredentialsFromPasswordStores
CredentialsFromPasswordStores: "Credentials from Password Stores"
DataDestruction
DataDestruction: "Data Destruction"
DataEncryptedForImpact
DataEncryptedForImpact: "Data Encrypted for Impact"
DataFromCloudStorageObject
DataFromCloudStorageObject: "Data from Cloud Storage Object"
DataFromConfigurationRepository
DataFromConfigurationRepository: "Data from Configuration Repository"
DataFromInformationRepositories
DataFromInformationRepositories: "Data from Information Repositories"
DataFromLocalSystem
DataFromLocalSystem: "Data from Local System"
DataManipulation
DataManipulation: "Data Manipulation"
DataStaged
DataStaged: "Data Staged"
Defacement
Defacement: "Defacement"
DeobfuscateDecodeFilesOrInformation
DeobfuscateDecodeFilesOrInformation: "Deobfuscate/Decode Files or Information"
DiskWipe
DiskWipe: "Disk Wipe"
DomainTrustDiscovery
DomainTrustDiscovery: "Domain Trust Discovery"
DriveByCompromise
DriveByCompromise: "Drive-by Compromise"
DynamicResolution
DynamicResolution: "Dynamic Resolution"
EndpointDenialOfService
EndpointDenialOfService: "Endpoint Denial of Service"
EventTriggeredExecution
EventTriggeredExecution: "Event Triggered Execution"
ExfiltrationOverAlternativeProtocol
ExfiltrationOverAlternativeProtocol: "Exfiltration Over Alternative Protocol"
ExploitPublicFacingApplication
ExploitPublicFacingApplication: "Exploit Public-Facing Application"
ExploitationForClientExecution
ExploitationForClientExecution: "Exploitation for Client Execution"
ExploitationForCredentialAccess
ExploitationForCredentialAccess: "Exploitation for Credential Access"
ExploitationForDefenseEvasion
ExploitationForDefenseEvasion: "Exploitation for Defense Evasion"
ExploitationForPrivilegeEscalation
ExploitationForPrivilegeEscalation: "Exploitation for Privilege Escalation"
ExploitationOfRemoteServices
ExploitationOfRemoteServices: "Exploitation of Remote Services"
ExternalRemoteServices
ExternalRemoteServices: "External Remote Services"
FallbackChannels
FallbackChannels: "Fallback Channels"
FileAndDirectoryDiscovery
FileAndDirectoryDiscovery: "File and Directory Discovery"
FileAndDirectoryPermissionsModification
FileAndDirectoryPermissionsModification: "File and Directory Permissions Modification"
GatherVictimNetworkInformation
GatherVictimNetworkInformation: "Gather Victim Network Information"
HideArtifacts
HideArtifacts: "Hide Artifacts"
HijackExecutionFlow
HijackExecutionFlow: "Hijack Execution Flow"
ImpairDefenses
ImpairDefenses: "Impair Defenses"
ImplantContainerImage
ImplantContainerImage: "Implant Container Image"
IndicatorRemovalOnHost
IndicatorRemovalOnHost: "Indicator Removal on Host"
IndirectCommandExecution
IndirectCommandExecution: "Indirect Command Execution"
IngressToolTransfer
IngressToolTransfer: "Ingress Tool Transfer"
InputCapture
InputCapture: "Input Capture"
InterProcessCommunication
InterProcessCommunication: "Inter-Process Communication"
LateralToolTransfer
LateralToolTransfer: "Lateral Tool Transfer"
ManInTheMiddle
ManInTheMiddle: "Man-in-the-Middle"
Masquerading
Masquerading: "Masquerading"
ModifyAuthenticationProcess
ModifyAuthenticationProcess: "Modify Authentication Process"
ModifyRegistry
ModifyRegistry: "Modify Registry"
NetworkDenialOfService
NetworkDenialOfService: "Network Denial of Service"
NetworkServiceScanning
NetworkServiceScanning: "Network Service Scanning"
NetworkSniffing
NetworkSniffing: "Network Sniffing"
NonApplicationLayerProtocol
NonApplicationLayerProtocol: "Non-Application Layer Protocol"
NonStandardPort
NonStandardPort: "Non-Standard Port"
OSCredentialDumping
OSCredentialDumping: "OS Credential Dumping"
ObfuscatedFilesOrInformation
ObfuscatedFilesOrInformation: "Obfuscated Files or Information"
ObtainCapabilities
ObtainCapabilities: "Obtain Capabilities"
OfficeApplicationStartup
OfficeApplicationStartup: "Office Application Startup"
PermissionGroupsDiscovery
PermissionGroupsDiscovery: "Permission Groups Discovery"
Phishing
Phishing: "Phishing"
PreOSBoot
PreOSBoot: "Pre-OS Boot"
ProcessDiscovery
ProcessDiscovery: "Process Discovery"
ProcessInjection
ProcessInjection: "Process Injection"
ProtocolTunneling
ProtocolTunneling: "Protocol Tunneling"
QueryRegistry
QueryRegistry: "Query Registry"
RemoteAccessSoftware
RemoteAccessSoftware: "Remote Access Software"
RemoteServiceSessionHijacking
RemoteServiceSessionHijacking: "Remote Service Session Hijacking"
RemoteServices
RemoteServices: "Remote Services"
RemoteSystemDiscovery
RemoteSystemDiscovery: "Remote System Discovery"
ResourceHijacking
ResourceHijacking: "Resource Hijacking"
SQLStoredProcedures
SQLStoredProcedures: "SQL Stored Procedures"
ScheduledTaskJob
ScheduledTaskJob: "Scheduled Task/Job"
ScreenCapture
ScreenCapture: "Screen Capture"
SearchVictimOwnedWebsites
SearchVictimOwnedWebsites: "Search Victim-Owned Websites"
ServerSoftwareComponent
ServerSoftwareComponent: "Server Software Component"
ServiceStop
ServiceStop: "Service Stop"
SignedBinaryProxyExecution
SignedBinaryProxyExecution: "Signed Binary Proxy Execution"
SoftwareDeploymentTools
SoftwareDeploymentTools: "Software Deployment Tools"
StealOrForgeKerberosTickets
StealOrForgeKerberosTickets: "Steal or Forge Kerberos Tickets"
SubvertTrustControls
SubvertTrustControls: "Subvert Trust Controls"
SupplyChainCompromise
SupplyChainCompromise: "Supply Chain Compromise"
SystemInformationDiscovery
SystemInformationDiscovery: "System Information Discovery"
TaintSharedContent
TaintSharedContent: "Taint Shared Content"
TrafficSignaling
TrafficSignaling: "Traffic Signaling"
TransferDataToCloudAccount
TransferDataToCloudAccount: "Transfer Data to Cloud Account"
TrustedRelationship
TrustedRelationship: "Trusted Relationship"
UnsecuredCredentials
UnsecuredCredentials: "Unsecured Credentials"
UserExecution
UserExecution: "User Execution"
ValidAccounts
ValidAccounts: "Valid Accounts"
WindowsManagementInstrumentation
WindowsManagementInstrumentation: "Windows Management Instrumentation"
Known values of Techniques that the service accepts.