ATT&CK techniques
212 top-level MITRE ATT&CK Enterprise techniques (T-IDs), grouped by tactic. Filter to a tactic or browse the full kill chain, then click into a technique for sub-techniques and mitigations. Authored by Adam Lundqvist.
15 in Impact · 212 total
| ID | Title | Summary |
|---|---|---|
| T1485 | Data Destruction | Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resourc… |
| T1486 | Data Encrypted for Impact | Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can … |
| T1487 | Disk Structure Wipe | Adversaries may corrupt or wipe the disk data structures on hard drive necessary to boot systems; targeting specific critical systems as well as a large number… |
| T1489 | Service Stop | Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhi… |
| T1490 | Inhibit System Recovery | Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery. … |
| T1491 | Defacement | Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reason… |
| T1495 | Firmware Corruption | Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inopera… |
| T1496 | Resource Hijacking | Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. … |
| T1498 | Network Denial of Service | Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be perform… |
| T1499 | Endpoint Denial of Service | Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by ex… |
| T1529 | System Shutdown/Reboot | Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate… |
| T1531 | Account Access Removal | Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, … |
| T1561 | Disk Wipe | Adversaries may wipe or corrupt raw disk data on specific systems or in large numbers in a network to interrupt availability to system and network resources. W… |
| T1565 | Data Manipulation | Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By man… |
| T1657 | Financial Theft | Adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gai… |