TA0002ATT&CK 14.1

TA0002Execution

Description

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

Techniques in this tactic· 12

T1047

Windows Management Instrumentation

T1053

Scheduled Task/Job

T1059

Command and Scripting Interpreter

T1072

Software Deployment Tools

T1106

T1129

T1203

Exploitation for Client Execution

T1204

T1559

Inter-Process Communication

T1569

System Services

T1609

Container Administration Command

T1610

Deploy Container

Sub-techniques in this tactic· 24

T1053.001 T1053.002 T1053.003 T1053.004 T1053.005 T1053.006 T1053.007 T1059.001 T1059.002 T1059.003 T1059.004 T1059.005 T1059.006 T1059.007 T1059.008 T1059.009 T1204.001 T1204.002 T1204.003 T1559.001 T1559.002 T1559.003 T1569.001 T1569.002

References

https://attack.mitre.org/tactics/TA0002

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Lateral Movement

Command and Scripting Interpreter

Privilege Escalation

Command and Control

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.