Masquerading
Masquerading (T1036) is a MITRE ATT&CK technique associated with Stealth. Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.
Invalid Code Signature (T1036.001) is a MITRE ATT&CK technique associated with Stealth. Adversaries may attempt to mimic features of valid code signatures to increase the chance of deceiving a user, analyst, or tool.
Right-to-Left Override (T1036.002) is a MITRE ATT&CK technique associated with Stealth. Adversaries may abuse the right-to-left override (RTLO or RLO) character (U+202E) to disguise a string and/or file name to make it appear benign.
Rename Legitimate Utilities (T1036.003) is a MITRE ATT&CK technique associated with Stealth. Adversaries may rename legitimate or system utilities to try to evade security mechanisms concerning the usage of those utilities.
Masquerade Task or Service (T1036.004) is a MITRE ATT&CK technique associated with Stealth. Adversaries may attempt to manipulate the name of a task or service to make it appear legitimate or benign.
Match Legitimate Resource Name or Location (T1036.005) is a MITRE ATT&CK technique associated with Stealth. Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming or placing them.
Space after Filename (T1036.006) is a MITRE ATT&CK technique associated with Stealth. Adversaries can hide a program's true file type by changing the extension of a file.
Double File Extension (T1036.007) is a MITRE ATT&CK technique associated with Stealth. Adversaries may abuse a double extension in the filename as a means of masquerading the true file type.
Masquerade File Type (T1036.008) is a MITRE ATT&CK technique associated with Stealth. Adversaries may masquerade malicious payloads as legitimate files through changes to the payload's formatting, including the file's signature, extension, icon, and contents.
Break Process Trees (T1036.009) is a MITRE ATT&CK technique associated with Stealth. An adversary may attempt to evade process-tree-based analysis by modifying executed malware's parent process ID (PPID).
Masquerade Account Name (T1036.010) is a MITRE ATT&CK technique associated with Stealth. Adversaries may match or approximate the names of legitimate accounts to make newly created ones appear benign.
Overwrite Process Arguments (T1036.011) is a MITRE ATT&CK technique associated with Stealth. Adversaries may modify a process's in-memory arguments to change its name in order to appear as a legitimate or benign process.
Browser Fingerprint (T1036.012) is a MITRE ATT&CK technique associated with Stealth. Adversaries may attempt to blend in with legitimate traffic by spoofing browser and system attributes like operating system, system language, platform, user agent string, resolution, time zon…
Boot or Logon Initialization Scripts (T1037) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may use scripts automatically executed at boot or logon initialization to establish persistence. Initialization scripts can be used to perfo…
Logon Script (Windows) (T1037.001) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may use Windows logon scripts automatically executed at logon initialization to establish persistence.
Login Hook (T1037.002) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may use a Login Hook to establish persistence executed upon user logon.
Network Logon Script (T1037.003) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may use network logon scripts automatically executed at logon initialization to establish persistence.
RC Scripts (T1037.004) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may establish persistence by modifying RC scripts, which are executed during a Unix-like system's startup.
Startup Items (T1037.005) is a MITRE ATT&CK technique associated with Persistence, Privilege Escalation. Adversaries may use startup items automatically executed at boot initialization to establish persistence.
Data from Network Shared Drive (T1039) is a MITRE ATT&CK technique associated with Collection. Adversaries may search network shares on computers they have compromised to find files of interest.
Network Sniffing (T1040) is a MITRE ATT&CK technique associated with Credential Access, Discovery. Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Exfiltration Over C2 Channel (T1041) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may steal data by exfiltrating it over an existing command and control channel.
Network Service Discovery (T1046) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Windows Management Instrumentation (T1047) is a MITRE ATT&CK technique associated with Execution. Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads.
Exfiltration Over Alternative Protocol (T1048) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel.
Exfiltration Over Symmetric Encrypted Non-C2 Protocol (T1048.001) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may steal data by exfiltrating it over a symmetrically encrypted network protocol other than that of the existing command and control channel.
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (T1048.002) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may steal data by exfiltrating it over an asymmetrically encrypted network protocol other than that of the existing command and control cha…
Exfiltration Over Unencrypted Non-C2 Protocol (T1048.003) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may steal data by exfiltrating it over an unencrypted network protocol other than that of the existing command and control channel.
System Network Connections Discovery (T1049) is a MITRE ATT&CK technique associated with Discovery. Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for informatio…
Exfiltration Over Physical Medium (T1052) is a MITRE ATT&CK technique associated with Exfiltration. Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive.