- TechniqueID,Data Source
- Technique/T1001,"Packet capture,Process use of network,Process monitoring,Network protocol analysis"
- Technique/T1002,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
- Technique/T1003,"API monitoring,Process command-line parameters,Process monitoring,PowerShell logs"
- Technique/T1004,"Windows Registry,File monitoring,Process monitoring"
- Technique/T1005,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1006,API monitoring
- Technique/T1007,"Process command-line parameters,Process monitoring"
- Technique/T1008,"Packet capture,Netflow/Enclave netflow,Malware reverse engineering,Process use of network,Process monitoring"
- Technique/T1009,
- Technique/T1010,"API monitoring,Process command-line parameters,Process monitoring"
- Technique/T1011,"User interface,Process monitoring"
- Technique/T1012,"Windows Registry,Process monitoring,Process command-line parameters"
- Technique/T1013,"File monitoring,API monitoring,DLL monitoring,Windows Registry,Process monitoring"
- Technique/T1014,"BIOS,MBR,System calls"
- Technique/T1015,"Windows Registry,File monitoring,Process monitoring"
- Technique/T1016,"Process command-line parameters,Process monitoring"
- Technique/T1017,"File monitoring,Process use of network,Process monitoring"
- Technique/T1018,"Network protocol analysis,Process command-line parameters,Process monitoring,Process use of network"
- Technique/T1019,"API monitoring,BIOS,EFI"
- Technique/T1020,"File monitoring,Process monitoring,Process use of network"
- Technique/T1021,Authentication logs
- Technique/T1022,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
- Technique/T1023,"File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1024,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
- Technique/T1025,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1026,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
- Technique/T1027,"Network protocol analysis,Process use of network,Binary file metadata,File monitoring,Malware reverse engineering,Process command-line parameters,Environment variable,Process Monitoring,Windows event logs,Network intrusion detection system,Email gateway,SSL/TLS inspection"
- Technique/T1028,"File monitoring,Authentication logs,Netflow/Enclave netflow,Process command-line parameters,Process monitoring"
- Technique/T1029,"Netflow/Enclave netflow,Process use of network,Process monitoring"
- Technique/T1030,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
- Technique/T1031,"Windows Registry,File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1032,"Packet capture,Netflow/Enclave netflow,Malware reverse engineering,Process use of network,Process monitoring,SSL/TLS inspection"
- Technique/T1033,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1034,"File monitoring,Process monitoring"
- Technique/T1035,"Windows Registry,Process command-line parameters,Process monitoring"
- Technique/T1036,"File monitoring,Process monitoring,Binary file metadata"
- Technique/T1037,"File monitoring,Process monitoring"
- Technique/T1038,"File monitoring,DLL monitoring,Process command-line parameters,Process monitoring"
- Technique/T1039,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1040,"Network device logs,Host network interface,Netflow/Enclave netflow"
- Technique/T1041,"User interface,Process monitoring"
- Technique/T1042,"Windows Registry,Process command-line parameters,Process monitoring"
- Technique/T1043,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
- Technique/T1044,"File monitoring,Process command-line parameters,Services"
- Technique/T1045,Binary file metadata
- Technique/T1046,"Netflow/Enclave netflow,Network protocol analysis,Packet capture,Process command-line parameters,Process use of network"
- Technique/T1047,"Authentication logs,Netflow/Enclave netflow,Process command-line parameters,Process monitoring"
- Technique/T1048,"User interface,Process monitoring,Process use of network,Packet capture,Netflow/Enclave netflow,Network protocol analysis"
- Technique/T1049,"Process command-line parameters,Process monitoring"
- Technique/T1050,"Windows Registry,Process monitoring,Process command-line parameters"
- Technique/T1051,"File monitoring,Process monitoring"
- Technique/T1052,"Data loss prevention,File monitoring"
- Technique/T1053,"File monitoring,Process command-line parameters,Process monitoring,Windows event logs"
- Technique/T1054,"Sensor health and status,Process command-line parameters,Process monitoring"
- Technique/T1055,"API monitoring,Windows Registry,File monitoring,DLL monitoring,Named Pipes,Process Monitoring"
- Technique/T1056,"Windows Registry,Kernel drivers,Process monitoring,API monitoring"
- Technique/T1057,"Process command-line parameters,Process monitoring"
- Technique/T1058,"Process command-line parameters,Services,Windows Registry"
- Technique/T1059,"Process command-line parameters,Process monitoring"
- Technique/T1060,"Windows Registry,File monitoring"
- Technique/T1061,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
- Technique/T1062,System calls
- Technique/T1063,"File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1064,"Process monitoring,File monitoring,Process command-line parameters"
- Technique/T1065,"Netflow/Enclave netflow,Process use of network,Process monitoring"
- Technique/T1066,"Process use of network,Anti-virus,Binary file metadata,Process command-line parameters,Process monitoring"
- Technique/T1067,"API monitoring,MBR,VBR"
- Technique/T1068,"Windows Error Reporting,Process monitoring,Application Logs"
- Technique/T1069,"API monitoring,Process command-line parameters,Process monitoring"
- Technique/T1070,"File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1071,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
- Technique/T1072,"Binary file metadata,File monitoring,Process monitoring,Process use of network,Third-party application logs,Windows Registry"
- Technique/T1073,"Process use of network,Process monitoring,Loaded DLLs"
- Technique/T1074,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1075,Authentication logs
- Technique/T1076,"Authentication logs,Netflow/Enclave netflow,Process monitoring"
- Technique/T1077,"Process use of network,Authentication logs,Process command-line parameters,Process monitoring"
- Technique/T1078,"Authentication logs,Process monitoring"
- Technique/T1079,"Packet capture,Process use of network,Malware reverse engineering,Process monitoring"
- Technique/T1080,"File monitoring,Process monitoring"
- Technique/T1081,"File monitoring,Process command-line parameters"
- Technique/T1082,"Process command-line parameters,Process monitoring"
- Technique/T1083,"File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1084,WMI Objects
- Technique/T1085,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
- Technique/T1086,"Windows Registry,File monitoring,Process command-line parameters,Process monitoring"
- Technique/T1087,"API monitoring,Process command-line parameters,Process monitoring"
- Technique/T1088,"System calls,Process monitoring,Authentication logs,Process command-line parameters"
- Technique/T1089,"API monitoring,Anti-virus,File monitoring,Services,Windows Registry,Process command-line parameters"
- Technique/T1090,"Process use of network,Process monitoring,Netflow/Enclave netflow,Packet capture"
- Technique/T1091,"File monitoring,Data loss prevention"
- Technique/T1092,"File monitoring,Data loss prevention"
- Technique/T1093,"Process monitoring,API monitoring"
- Technique/T1094,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
- Technique/T1095,
- Technique/T1096,"File monitoring,Kernel drivers,API monitoring"
- Technique/T1097,Authentication logs
- Technique/T1098,"Authentication logs,API monitoring,Windows event logs,Packet capture"
- Technique/T1099,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1100,"Anti-virus,File monitoring,Process monitoring,Authentication logs,Netflow/Enclave netflow"
- Technique/T1101,"DLL monitoring,Windows Registry,Loaded DLLs"
- Technique/T1102,"Host network interface,Netflow/Enclave netflow,Network protocol analysis,Packet capture,SSL/TLS inspection"
- Technique/T1103,"Loaded DLLs,Process monitoring,Windows Registry"
- Technique/T1104,"Netflow/Enclave netflow,Network device logs,Network protocol analysis,Packet capture,Process use of network"
- Technique/T1105,"File monitoring,Packet capture,Process use of network,Netflow/Enclave netflow,Network protocol analysis,Process monitoring"
- Technique/T1106,"API monitoring,Process monitoring"
- Technique/T1107,"Binary file metadata,File monitoring,Process command-line parameters"
- Technique/T1108,"Process monitoring,Process use of network,Packet capture,Network protocol analysis,File monitoring,Binary file metadata,Authentication logs"
- Technique/T1109,
- Technique/T1110,Authentication logs
- Technique/T1111,
- Technique/T1112,"Windows Registry,File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1113,"API monitoring,Process monitoring,File monitoring"
- Technique/T1114,"Authentication logs,File monitoring,Process monitoring,Process use of network"
- Technique/T1115,API monitoring
- Technique/T1116,Binary file metadata
- Technique/T1117,"Loaded DLLs,Process monitoring,Process command-line parameters,Windows Registry"
- Technique/T1118,"Process monitoring,Process command-line parameters"
- Technique/T1119,"File monitoring,Process command-line parameters,Data loss prevention"
- Technique/T1120,
- Technique/T1121,"Process monitoring,Process command-line parameters"
- Technique/T1122,"Windows Registry,DLL monitoring,Loaded DLLs"
- Technique/T1123,"API monitoring,Process monitoring,File monitoring"
- Technique/T1124,"Process monitoring,Process command-line parameters,API monitoring"
- Technique/T1125,"Process monitoring,File monitoring,API monitoring"
- Technique/T1126,"Process monitoring,Process command-line parameters,Packet capture,Authentication logs"
- Technique/T1127,Process monitoring
- Technique/T1128,"Process monitoring,DLL monitoring,Windows Registry"
- Technique/T1129,"Process Monitoring,API monitoring,File monitoring,DLL monitoring"
- Technique/T1130,"SSL/TLS inspection,Digital Certificate Logs"
- Technique/T1131,"DLL monitoring,Windows Registry,Loaded DLLs"
- Technique/T1132,"Packet capture,Process use of network,Process Monitoring,Network protocol analysis"
- Technique/T1133,Authentication logs
- Technique/T1134,"API monitoring,Access Tokens"
- Technique/T1135,"Process Monitoring,Process command-line parameters,Network protocol analysis,Process use of network"
- Technique/T1136,"Process Monitoring,Process command-line parameters,Authentication logs,Windows event logs"
- Technique/T1137,"Process monitoring,Process command-line parameters,Windows Registry,File monitoring"
- Technique/T1138,"Loaded DLLs,System calls,Windows Registry,Process Monitoring,Process command-line parameters"
- Technique/T1139,"File monitoring,Process monitoring,Process command-line parameters"
- Technique/T1140,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1141,"User interface,Process Monitoring"
- Technique/T1142,"System calls,Process Monitoring"
- Technique/T1143,File monitoring
- Technique/T1144,
- Technique/T1145,File monitoring
- Technique/T1146,"Authentication logs,File monitoring"
- Technique/T1147,"Authentication logs,File monitoring"
- Technique/T1148,"Process Monitoring,Authentication logs,File monitoring,Environment variable"
- Technique/T1149,"Binary file metadata,Malware reverse engineering,Process Monitoring"
- Technique/T1150,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1151,"File monitoring,Process Monitoring"
- Technique/T1152,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1153,"Process Monitoring,File monitoring,Process command-line parameters"
- Technique/T1154,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1155,"API monitoring,System calls,Process Monitoring,Process command-line parameters"
- Technique/T1156,"File monitoring,Process Monitoring,Process command-line parameters,Process use of network"
- Technique/T1157,File monitoring
- Technique/T1158,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1159,"File monitoring,Process Monitoring"
- Technique/T1160,"Process Monitoring,File monitoring"
- Technique/T1161,"Binary file metadata,Process Monitoring,Process command-line parameters,File monitoring"
- Technique/T1162,
- Technique/T1163,"File monitoring,Process Monitoring"
- Technique/T1164,
- Technique/T1165,"File monitoring,Process Monitoring"
- Technique/T1166,"File monitoring,Process Monitoring,Process command-line parameters"
- Technique/T1167,Process Monitoring
- Technique/T1168,"File monitoring,Process Monitoring"
- Technique/T1169,File monitoring
- Technique/T1170,"Process monitoring,Process command-line parameters"
- Technique/T1171,"Windows Registry,Packet capture,Netflow/Enclave netflow"
- Technique/T1172,"SSL/TLS inspection,Packet capture"
- Technique/T1173,"API monitoring,DLL monitoring,Process Monitoring,Windows Registry,Windows event logs"
- Technique/T1174,"DLL monitoring,Windows Registry,Process monitoring"
- Technique/T1175,"API monitoring,Authentication logs,DLL monitoring,Packet capture,Process monitoring,Windows Registry,Windows event logs"
- Technique/T1176,"Network protocol analysis,Packet capture,System calls,Process use of network,Process monitoring,Browser extensions"
- Technique/T1177,"API monitoring,DLL monitoring,File monitoring,Kernel drivers,Loaded DLLs,Process Monitoring"
- Technique/T1178,"API monitoring,Authentication logs,Windows event logs"
- Technique/T1179,"API monitoring,Binary file metadata,DLL monitoring,Loaded DLLs,Process Monitoring,Windows event logs"
- Technique/T1180,"Process Monitoring,Process command-line parameters,Windows Registry,File monitoring"
- Technique/T1181,
- Technique/T1182,"Loaded DLLs,Process Monitoring,Windows Registry"
- Technique/T1183,"Process Monitoring,Windows Registry,Windows event logs"
- Technique/T1184,Authentication logs
- Technique/T1185,"Authentication logs,Packet capture,Process Monitoring,API monitoring"
- Technique/T1186,"API monitoring,Process Monitoring"
- Technique/T1187,"File monitoring,Network protocol analysis,Network device logs,Process use of network"
- Technique/T1188,"Network protocol analysis,Netflow/Enclave netflow"
- Technique/T1189,"Packet capture,Network device logs,Process use of network,Web proxy,Network intrusion detection system,SSL/TLS inspection"
- Technique/T1190,"Application logs,Packet capture,Web logs,Web application firewall logs"
- Technique/T1191,"Process Monitoring,Process command-line parameters"
- Technique/T1192,"Packet capture,Web proxy,Email gateway,Detonation chamber,SSL/TLS inspection,DNS records,Mail server"
- Technique/T1193,"File monitoring,Packet capture,Mail server,Network intrusion detection system,Detonation chamber,Email gateway"
- Technique/T1194,"SSL/TLS inspection,Anti-virus,Web proxy"
- Technique/T1195,"Web proxy,File monitoring"
- Technique/T1196,"API monitoring,Binary file metadata,DLL monitoring,Process command-line parameters,Process Monitoring,Windows Registry,Windows event logs"
- Technique/T1197,"API monitoring,Packet capture,Windows event logs"
- Technique/T1198,"API monitoring,Application Logs,DLL monitoring,Loaded DLLs,Process Monitoring,Windows Registry,Windows event logs"
- Technique/T1199,"Application Logs,Authentication logs,Third-party application logs"
- Technique/T1200,"Asset Management,Data loss prevention"
- Technique/T1201,"Process command-line parameters,Process Monitoring"
- Technique/T1202,"Process Monitoring,Process command-line parameters,Windows event logs"
- Technique/T1203,"Anti-virus,System calls,Process Monitoring"
- Technique/T1204,"Anti-virus,Process command-line parameters,Process monitoring"
- Technique/T1205,
- Technique/T1206,"File monitoring,Process command-line parameters"
- Technique/T1207,"API monitoring,Authentication logs,Network protocol analysis,Packet capture"
- Technique/T1208,Windows event logs
- Technique/T1209,"API monitoring,Binary file metadata,DLL monitoring,File monitoring,Loaded DLLs,Process Monitoring"
- Technique/T1210,"Windows Error Reporting,Process Monitoring,File monitoring"
- Technique/T1211,"Windows Error Reporting,Process Monitoring,File monitoring"
- Technique/T1212,"Authentication logs,Windows Error Reporting,Process Monitoring"
- Technique/T1213,"Application Logs,Authentication logs,Data loss prevention,Third-party application logs"
- Technique/T1214,"Windows Registry,Process command-line parameters,Process Monitoring"
- Technique/T1215,"System calls,Process Monitoring,Process command-line parameters"
- Technique/T1216,"Process monitoring,Process command-line parameters"
- Technique/T1217,"API monitoring,File monitoring,Process command-line parameters,Process Monitoring"
- Technique/T1218,"Process monitoring,Process command-line parameters"
- Technique/T1219,"Network intrusion detection system,Network protocol analysis,Process use of network,Process Monitoring"