Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10

MITRE ATT&CK TTP Matrix

350 grupos · 12 tácticas MITRE ATT&CK

MatrixMITRE BlueprintPor Actor
146 técnicas en 14 tácticas
TA0001 7

Initial Access

T1078Valid Accounts
T1189Drive-by Compromise
T1190Exploit Public-Facing Application
T1566Phishing
T1566.001Phishing: Spearphishing Attachment
T1566.002Phishing: Spearphishing Link
T1566.003Phishing: Spearphishing Voice
TA0002 12

Execution

T1047Windows Management Instrumentation
T1053.005Scheduled Task/Job: Scheduled Task
T1059Command and Scripting Interpreter
T1059.001Command and Scripting Interpreter: PowerShell
T1059.003Command and Scripting Interpreter: Windows Command Shell
T1059.005Command and Scripting Interpreter: Visual Basic
T1106Native API
T1129Shared Modules
T1203Exploitation for Client Execution
T1204User Execution
T1204.001User Execution: Malicious Link
T1204.002User Execution: Malicious File
TA0003 7

Persistence

T1098Account Manipulation
T1505.004Server Software Component: IIS Components
T1542.003Pre-OS Boot: Bootkit
T1543.003Create or Modify System Process: Windows Service
T1547.001Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.009Boot or Logon Autostart Execution: Shortcut Modification
T1574.001Hijack Execution Flow: DLL Search Order Hijacking
TA0004 4

Privilege Escalation

T1068Exploitation for Privilege Escalation
T1134Access Token Manipulation
T1134.002Access Token Manipulation: Create Process with Token
T1543Create or Modify System Process
TA0005 36

Defense Evasion

T1027Obfuscated Files or Information
T1027.002Obfuscated Files or Information: Software Packing
T1027.005Obfuscated Files or Information: Indicator Removal from Tools
T1027.007Obfuscated Files or Information: Dynamic API Resolution
T1027.009Obfuscated Files or Information: Embedded Payloads
T1027.013Obfuscated Files or Information: Encrypted/Encoded File
T1036Masquerading
T1036.003Masquerading: Rename Legitimate Utilities
T1036.004Masquerading: Masquerade Task or Service
T1036.005Masquerading: Match Legitimate Name or Location
T1036.008Masquerading: Masquerade File Type
T1055.001Process Injection: DLL Injection
T1070Indicator Removal
T1070.003Indicator Removal: Clear Command History
T1070.004Indicator Removal: File Deletion
T1070.006Indicator Removal: Timestomp
T1140Deobfuscate/Decode Files or Information
T1202Indirect Command Execution
T1218System Binary Proxy Execution
T1218.005System Binary Proxy Execution: Mshta
T1218.010System Binary Proxy Execution: Regsvr32
T1218.011System Binary Proxy Execution: Rundll32
T1220XSL Script Processing
T1221Template Injection
T1222File and Directory Permissions Modification
T1497.001Virtualization/Sandbox Evasion: System Checks
T1497.003Virtualization/Sandbox Evasion: Time Based Checks
T1548Abuse Elevation Control Mechanism
T1553.002Subvert Trust Controls: Code Signing
T1562Impair Defenses
T1562.001Impair Defenses: Disable or Modify Tools
T1562.004Impair Defenses: Disable or Modify System Firewall
T1564.001Hidden Artifacts: Hidden Files and Directories
T1574.013Hijack Execution Flow: KernelCallbackTable
T1620Reflective DLL Injection
T1622Debugger Evasion
TA0006 8

Credential Access

T1003OS Credential Dumping
T1056Input Capture
T1056.001Input Capture: Keylogging
T1110.003Brute Force: Password Spraying
T1539Steal Web Session Cookie
T1552Unsecured Credentials
T1552.001Unsecured Credentials: Credentials In Files
T1557.001Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning
TA0007 17

Discovery

T1007System Service Discovery
T1010Application Window Discovery
T1012Query Registry
T1016System Network Configuration Discovery
T1033System Owner/User Discovery
T1046Network Service Discovery
T1049System Network Connections Discovery
T1057Process Discovery
T1082System Information Discovery
T1083File and Directory Discovery
T1087Account Discovery
T1087.002Account Discovery: Domain Account
T1124Time Discovery
T1135Network Share Discovery
T1518Software Discovery
T1614System Location Discovery
T1614.001System Location Discovery: System Language Discovery
TA0008 4

Lateral Movement

T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
T1021.004Remote Services: SSH
T1534Internal Spearphishing
TA0009 8

Collection

T1005Data from Local System
T1074Data Staged
T1074.001Data Staged: Local Data Staging
T1114Email Collection
T1560Archive Collected Data
T1560.001Archive Collected Data: Archive via Utility
T1560.002Archive Collected Data: Archive via Library
T1560.003Archive Collected Data: Archive via Custom Method
TA0010 3

Exfiltration

T1041Exfiltration Over C2 Channel
T1048.003Exfiltration Over Alternative Protocol: Unencrypted Non-C2 Protocol
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0011 13

Command & Control

T1001.003Data Obfuscation: Protocol or Service Impersonation
T1008Fallback Channels
T1071Application Layer Protocol
T1071.001Application Layer Protocol: Web Protocols
T1090.001Proxy: Internal Proxy
T1090.002Proxy: External Proxy
T1102.002Web Service: Bidirectional Communication
T1104Multi-Stage Channels
T1105Ingress Tool Transfer
T1132.001Data Encoding: Standard Encoding
T1571Non-Standard Port
T1573Encrypted Channel
T1573.001Encrypted Channel: Symmetric Cryptography
TA0040 9

Impact

T1485Data Destruction
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery
T1491.001Defacement: Internal Defacement
T1529System Shutdown/Reboot
T1561Disk Wipe
T1561.001Disk Wipe: Disk Content Wipe
T1561.002Disk Wipe: Disk Structure Wipe