Sep 24th, 2018
TechniqueID,Data Source
Technique/T1001,"Packet capture,Process use of network,Process monitoring,Network protocol analysis"
Technique/T1002,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
Technique/T1003,"API monitoring,Process command-line parameters,Process monitoring,PowerShell logs"
Technique/T1004,"Windows Registry,File monitoring,Process monitoring"
Technique/T1005,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1006,API monitoring
Technique/T1007,"Process command-line parameters,Process monitoring"
Technique/T1008,"Packet capture,Netflow/Enclave netflow,Malware reverse engineering,Process use of network,Process monitoring"
Technique/T1009,
Technique/T1010,"API monitoring,Process command-line parameters,Process monitoring"
Technique/T1011,"User interface,Process monitoring"
Technique/T1012,"Windows Registry,Process monitoring,Process command-line parameters"
Technique/T1013,"File monitoring,API monitoring,DLL monitoring,Windows Registry,Process monitoring"
Technique/T1014,"BIOS,MBR,System calls"
Technique/T1015,"Windows Registry,File monitoring,Process monitoring"
Technique/T1016,"Process command-line parameters,Process monitoring"
Technique/T1017,"File monitoring,Process use of network,Process monitoring"
Technique/T1018,"Network protocol analysis,Process command-line parameters,Process monitoring,Process use of network"
Technique/T1019,"API monitoring,BIOS,EFI"
Technique/T1020,"File monitoring,Process monitoring,Process use of network"
Technique/T1021,Authentication logs
Technique/T1022,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
Technique/T1023,"File monitoring,Process command-line parameters,Process monitoring"
Technique/T1024,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
Technique/T1025,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1026,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
Technique/T1027,"Network protocol analysis,Process use of network,Binary file metadata,File monitoring,Malware reverse engineering,Process command-line parameters,Environment variable,Process Monitoring,Windows event logs,Network intrusion detection system,Email gateway,SSL/TLS inspection"
Technique/T1028,"File monitoring,Authentication logs,Netflow/Enclave netflow,Process command-line parameters,Process monitoring"
Technique/T1029,"Netflow/Enclave netflow,Process use of network,Process monitoring"
Technique/T1030,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
Technique/T1031,"Windows Registry,File monitoring,Process command-line parameters,Process monitoring"
Technique/T1032,"Packet capture,Netflow/Enclave netflow,Malware reverse engineering,Process use of network,Process monitoring,SSL/TLS inspection"
Technique/T1033,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1034,"File monitoring,Process monitoring"
Technique/T1035,"Windows Registry,Process command-line parameters,Process monitoring"
Technique/T1036,"File monitoring,Process monitoring,Binary file metadata"
Technique/T1037,"File monitoring,Process monitoring"
Technique/T1038,"File monitoring,DLL monitoring,Process command-line parameters,Process monitoring"
Technique/T1039,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1040,"Network device logs,Host network interface,Netflow/Enclave netflow"
Technique/T1041,"User interface,Process monitoring"
Technique/T1042,"Windows Registry,Process command-line parameters,Process monitoring"
Technique/T1043,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
Technique/T1044,"File monitoring,Process command-line parameters,Services"
Technique/T1045,Binary file metadata
Technique/T1046,"Netflow/Enclave netflow,Network protocol analysis,Packet capture,Process command-line parameters,Process use of network"
Technique/T1047,"Authentication logs,Netflow/Enclave netflow,Process command-line parameters,Process monitoring"
Technique/T1048,"User interface,Process monitoring,Process use of network,Packet capture,Netflow/Enclave netflow,Network protocol analysis"
Technique/T1049,"Process command-line parameters,Process monitoring"
Technique/T1050,"Windows Registry,Process monitoring,Process command-line parameters"
Technique/T1051,"File monitoring,Process monitoring"
Technique/T1052,"Data loss prevention,File monitoring"
Technique/T1053,"File monitoring,Process command-line parameters,Process monitoring,Windows event logs"
Technique/T1054,"Sensor health and status,Process command-line parameters,Process monitoring"
Technique/T1055,"API monitoring,Windows Registry,File monitoring,DLL monitoring,Named Pipes,Process Monitoring"
Technique/T1056,"Windows Registry,Kernel drivers,Process monitoring,API monitoring"
Technique/T1057,"Process command-line parameters,Process monitoring"
Technique/T1058,"Process command-line parameters,Services,Windows Registry"
Technique/T1059,"Process command-line parameters,Process monitoring"
Technique/T1060,"Windows Registry,File monitoring"
Technique/T1061,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
Technique/T1062,System calls
Technique/T1063,"File monitoring,Process command-line parameters,Process monitoring"
Technique/T1064,"Process monitoring,File monitoring,Process command-line parameters"
Technique/T1065,"Netflow/Enclave netflow,Process use of network,Process monitoring"
Technique/T1066,"Process use of network,Anti-virus,Binary file metadata,Process command-line parameters,Process monitoring"
Technique/T1067,"API monitoring,MBR,VBR"
Technique/T1068,"Windows Error Reporting,Process monitoring,Application Logs"
Technique/T1069,"API monitoring,Process command-line parameters,Process monitoring"
Technique/T1070,"File monitoring,Process command-line parameters,Process monitoring"
Technique/T1071,"Packet capture,Netflow/Enclave netflow,Process use of network,Malware reverse engineering,Process monitoring"
Technique/T1072,"Binary file metadata,File monitoring,Process monitoring,Process use of network,Third-party application logs,Windows Registry"
Technique/T1073,"Process use of network,Process monitoring,Loaded DLLs"
Technique/T1074,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1075,Authentication logs
Technique/T1076,"Authentication logs,Netflow/Enclave netflow,Process monitoring"
Technique/T1077,"Process use of network,Authentication logs,Process command-line parameters,Process monitoring"
Technique/T1078,"Authentication logs,Process monitoring"
Technique/T1079,"Packet capture,Process use of network,Malware reverse engineering,Process monitoring"
Technique/T1080,"File monitoring,Process monitoring"
Technique/T1081,"File monitoring,Process command-line parameters"
Technique/T1082,"Process command-line parameters,Process monitoring"
Technique/T1083,"File monitoring,Process command-line parameters,Process monitoring"
Technique/T1084,WMI Objects
Technique/T1085,"File monitoring,Binary file metadata,Process command-line parameters,Process monitoring"
Technique/T1086,"Windows Registry,File monitoring,Process command-line parameters,Process monitoring"
Technique/T1087,"API monitoring,Process command-line parameters,Process monitoring"
Technique/T1088,"System calls,Process monitoring,Authentication logs,Process command-line parameters"
Technique/T1089,"API monitoring,Anti-virus,File monitoring,Services,Windows Registry,Process command-line parameters"
Technique/T1090,"Process use of network,Process monitoring,Netflow/Enclave netflow,Packet capture"
Technique/T1091,"File monitoring,Data loss prevention"
Technique/T1092,"File monitoring,Data loss prevention"
Technique/T1093,"Process monitoring,API monitoring"
Technique/T1094,"Packet capture,Netflow/Enclave netflow,Process use of network,Process monitoring"
Technique/T1095,
Technique/T1096,"File monitoring,Kernel drivers,API monitoring"
Technique/T1097,Authentication logs
Technique/T1098,"Authentication logs,API monitoring,Windows event logs,Packet capture"
Technique/T1099,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1100,"Anti-virus,File monitoring,Process monitoring,Authentication logs,Netflow/Enclave netflow"
Technique/T1101,"DLL monitoring,Windows Registry,Loaded DLLs"
Technique/T1102,"Host network interface,Netflow/Enclave netflow,Network protocol analysis,Packet capture,SSL/TLS inspection"
Technique/T1103,"Loaded DLLs,Process monitoring,Windows Registry"
Technique/T1104,"Netflow/Enclave netflow,Network device logs,Network protocol analysis,Packet capture,Process use of network"
Technique/T1105,"File monitoring,Packet capture,Process use of network,Netflow/Enclave netflow,Network protocol analysis,Process monitoring"
Technique/T1106,"API monitoring,Process monitoring"
Technique/T1107,"Binary file metadata,File monitoring,Process command-line parameters"
Technique/T1108,"Process monitoring,Process use of network,Packet capture,Network protocol analysis,File monitoring,Binary file metadata,Authentication logs"
Technique/T1109,
Technique/T1110,Authentication logs
Technique/T1111,
Technique/T1112,"Windows Registry,File monitoring,Process monitoring,Process command-line parameters"
Technique/T1113,"API monitoring,Process monitoring,File monitoring"
Technique/T1114,"Authentication logs,File monitoring,Process monitoring,Process use of network"
Technique/T1115,API monitoring
Technique/T1116,Binary file metadata
Technique/T1117,"Loaded DLLs,Process monitoring,Process command-line parameters,Windows Registry"
Technique/T1118,"Process monitoring,Process command-line parameters"
Technique/T1119,"File monitoring,Process command-line parameters,Data loss prevention"
Technique/T1120,
Technique/T1121,"Process monitoring,Process command-line parameters"
Technique/T1122,"Windows Registry,DLL monitoring,Loaded DLLs"
Technique/T1123,"API monitoring,Process monitoring,File monitoring"
Technique/T1124,"Process monitoring,Process command-line parameters,API monitoring"
Technique/T1125,"Process monitoring,File monitoring,API monitoring"
Technique/T1126,"Process monitoring,Process command-line parameters,Packet capture,Authentication logs"
Technique/T1127,Process monitoring
Technique/T1128,"Process monitoring,DLL monitoring,Windows Registry"
Technique/T1129,"Process Monitoring,API monitoring,File monitoring,DLL monitoring"
Technique/T1130,"SSL/TLS inspection,Digital Certificate Logs"
Technique/T1131,"DLL monitoring,Windows Registry,Loaded DLLs"
Technique/T1132,"Packet capture,Process use of network,Process Monitoring,Network protocol analysis"
Technique/T1133,Authentication logs
Technique/T1134,"API monitoring,Access Tokens"
Technique/T1135,"Process Monitoring,Process command-line parameters,Network protocol analysis,Process use of network"
Technique/T1136,"Process Monitoring,Process command-line parameters,Authentication logs,Windows event logs"
Technique/T1137,"Process monitoring,Process command-line parameters,Windows Registry,File monitoring"
Technique/T1138,"Loaded DLLs,System calls,Windows Registry,Process Monitoring,Process command-line parameters"
Technique/T1139,"File monitoring,Process monitoring,Process command-line parameters"
Technique/T1140,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1141,"User interface,Process Monitoring"
Technique/T1142,"System calls,Process Monitoring"
Technique/T1143,File monitoring
Technique/T1144,
Technique/T1145,File monitoring
Technique/T1146,"Authentication logs,File monitoring"
Technique/T1147,"Authentication logs,File monitoring"
Technique/T1148,"Process Monitoring,Authentication logs,File monitoring,Environment variable"
Technique/T1149,"Binary file metadata,Malware reverse engineering,Process Monitoring"
Technique/T1150,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1151,"File monitoring,Process Monitoring"
Technique/T1152,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1153,"Process Monitoring,File monitoring,Process command-line parameters"
Technique/T1154,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1155,"API monitoring,System calls,Process Monitoring,Process command-line parameters"
Technique/T1156,"File monitoring,Process Monitoring,Process command-line parameters,Process use of network"
Technique/T1157,File monitoring
Technique/T1158,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1159,"File monitoring,Process Monitoring"
Technique/T1160,"Process Monitoring,File monitoring"
Technique/T1161,"Binary file metadata,Process Monitoring,Process command-line parameters,File monitoring"
Technique/T1162,
Technique/T1163,"File monitoring,Process Monitoring"
Technique/T1164,
Technique/T1165,"File monitoring,Process Monitoring"
Technique/T1166,"File monitoring,Process Monitoring,Process command-line parameters"
Technique/T1167,Process Monitoring
Technique/T1168,"File monitoring,Process Monitoring"
Technique/T1169,File monitoring
Technique/T1170,"Process monitoring,Process command-line parameters"
Technique/T1171,"Windows Registry,Packet capture,Netflow/Enclave netflow"
Technique/T1172,"SSL/TLS inspection,Packet capture"
Technique/T1173,"API monitoring,DLL monitoring,Process Monitoring,Windows Registry,Windows event logs"
Technique/T1174,"DLL monitoring,Windows Registry,Process monitoring"
Technique/T1175,"API monitoring,Authentication logs,DLL monitoring,Packet capture,Process monitoring,Windows Registry,Windows event logs"
Technique/T1176,"Network protocol analysis,Packet capture,System calls,Process use of network,Process monitoring,Browser extensions"
Technique/T1177,"API monitoring,DLL monitoring,File monitoring,Kernel drivers,Loaded DLLs,Process Monitoring"
Technique/T1178,"API monitoring,Authentication logs,Windows event logs"
Technique/T1179,"API monitoring,Binary file metadata,DLL monitoring,Loaded DLLs,Process Monitoring,Windows event logs"
Technique/T1180,"Process Monitoring,Process command-line parameters,Windows Registry,File monitoring"
Technique/T1181,
Technique/T1182,"Loaded DLLs,Process Monitoring,Windows Registry"
Technique/T1183,"Process Monitoring,Windows Registry,Windows event logs"
Technique/T1184,Authentication logs
Technique/T1185,"Authentication logs,Packet capture,Process Monitoring,API monitoring"
Technique/T1186,"API monitoring,Process Monitoring"
Technique/T1187,"File monitoring,Network protocol analysis,Network device logs,Process use of network"
Technique/T1188,"Network protocol analysis,Netflow/Enclave netflow"
Technique/T1189,"Packet capture,Network device logs,Process use of network,Web proxy,Network intrusion detection system,SSL/TLS inspection"
Technique/T1190,"Application logs,Packet capture,Web logs,Web application firewall logs"
Technique/T1191,"Process Monitoring,Process command-line parameters"
Technique/T1192,"Packet capture,Web proxy,Email gateway,Detonation chamber,SSL/TLS inspection,DNS records,Mail server"
Technique/T1193,"File monitoring,Packet capture,Mail server,Network intrusion detection system,Detonation chamber,Email gateway"
Technique/T1194,"SSL/TLS inspection,Anti-virus,Web proxy"
Technique/T1195,"Web proxy,File monitoring"
Technique/T1196,"API monitoring,Binary file metadata,DLL monitoring,Process command-line parameters,Process Monitoring,Windows Registry,Windows event logs"
Technique/T1197,"API monitoring,Packet capture,Windows event logs"
Technique/T1198,"API monitoring,Application Logs,DLL monitoring,Loaded DLLs,Process Monitoring,Windows Registry,Windows event logs"
Technique/T1199,"Application Logs,Authentication logs,Third-party application logs"
Technique/T1200,"Asset Management,Data loss prevention"
Technique/T1201,"Process command-line parameters,Process Monitoring"
Technique/T1202,"Process Monitoring,Process command-line parameters,Windows event logs"
Technique/T1203,"Anti-virus,System calls,Process Monitoring"
Technique/T1204,"Anti-virus,Process command-line parameters,Process monitoring"
Technique/T1205,
Technique/T1206,"File monitoring,Process command-line parameters"
Technique/T1207,"API monitoring,Authentication logs,Network protocol analysis,Packet capture"
Technique/T1208,Windows event logs
Technique/T1209,"API monitoring,Binary file metadata,DLL monitoring,File monitoring,Loaded DLLs,Process Monitoring"
Technique/T1210,"Windows Error Reporting,Process Monitoring,File monitoring"
Technique/T1211,"Windows Error Reporting,Process Monitoring,File monitoring"
Technique/T1212,"Authentication logs,Windows Error Reporting,Process Monitoring"
Technique/T1213,"Application Logs,Authentication logs,Data loss prevention,Third-party application logs"
Technique/T1214,"Windows Registry,Process command-line parameters,Process Monitoring"
Technique/T1215,"System calls,Process Monitoring,Process command-line parameters"
Technique/T1216,"Process monitoring,Process command-line parameters"
Technique/T1217,"API monitoring,File monitoring,Process command-line parameters,Process Monitoring"
Technique/T1218,"Process monitoring,Process command-line parameters"
Technique/T1219,"Network intrusion detection system,Network protocol analysis,Process use of network,Process Monitoring"