수기리 Blog / MITRE ATT&CK Summary and Translation (work in progress)
Reconnaissance (10)
Active Scanning
Gather Victim Host Information
Gather Victim Identity Information
Gather Victim Network Information
Gather Victim Org Information
Phishing for Information
Search Closed Sources
Search Open Technical Databases
Search Open Websites/Domains
Search Victim-Owned Websites

Resource Development (7)
Acquire Infrastructure
Compromise Accounts
Compromise Infrastructure
Develop Capabilities
Establish Accounts
Obtain Capabilities
Stage Capabilities

Initial Access (9)
Drive-by Compromise
Exploit Public-Facing Application
External Remote Services
Hardware Additions
Phishing
Replication Through Removable Media
Supply Chain Compromise
Trusted Relationship
Valid Accounts

Execution (12)
Command and Scripting Interpreter
Container Administration Command
Deploy Container
Exploitation for Client Execution
Inter-Process Communication
Native API
Scheduled Task/Job
Shared Modules
Software Deployment Tools
System Services
User Execution
Windows Management Instrumentation

Persistence (19)
Account Manipulation
BITS Jobs
Boot or Logon Autostart Execution
Boot or Logon Initialization Scripts
Browser Extensions
Compromise Client Software Binary
Create Account
Create or Modify System Process
Event Triggered Execution
External Remote Services
Hijack Execution Flow
Implant Internal Image
Modify Authentication Process
Office Application Startup
Pre-OS Boot
Scheduled Task/Job
Server Software Component
Traffic Signaling
Valid Accounts

Privilege Escalation (13)
Abuse Elevation Control Mechanism
Access Token Manipulation
Boot or Logon Autostart Execution
Boot or Logon Initialization Scripts
Create or Modify System Process
Domain Policy Modification
Escape to Host
Event Triggered Execution
Exploitation for Privilege Escalation
Hijack Execution Flow
Process Injection
Scheduled Task/Job
Valid Accounts

Defense Evasion (40)
Abuse Elevation Control Mechanism
Access Token Manipulation
BITS Jobs
Build Image on Host
Deobfuscate/Decode Files or Information
Deploy Container
Direct Volume Access
Domain Policy Modification
Execution Guardrails
Exploitation for Defense Evasion
File and Directory Permissions Modification
Hide Artifacts
Hijack Execution Flow
Impair Defenses
Indicator Removal on Host
Indirect Command Execution
Masquerading
Modify Authentication Process
Modify Cloud Compute Infrastructure
Modify Registry
Modify System Image
Network Boundary Bridging
Obfuscated Files or Information
Pre-OS Boot
Process Injection
Reflective Code Loading
Rogue Domain Controller
Rootkit
Signed Binary Proxy Execution
Signed Script Proxy Execution
Subvert Trust Controls
Template Injection
Traffic Signaling
Trusted Developer Utilities Proxy Execution
Unused/Unsupported Cloud Regions
Use Alternate Authentication Material
Valid Accounts
Virtualization/Sandbox Evasion
Weaken Encryption
XSL Script Processing

Credential Access (15)
Adversary-in-the-Middle
Brute Force
Credentials from Password Stores
Exploitation for Credential Access
Forced Authentication
Forge Web Credentials
Input Capture
Modify Authentication Process
Network Sniffing
OS Credential Dumping
Steal Application Access Token
Steal or Forge Kerberos Tickets
Steal Web Session Cookie
Two-Factor Authentication Interception
Unsecured Credentials

Discovery (26)
Account Discovery
Application Window Discovery
Browser Bookmark Discovery
Cloud Infrastructure Discovery
Cloud Service Dashboard
Cloud Service Discovery
Cloud Storage Object Discovery
Container and Resource Discovery
Domain Trust Discovery
File and Directory Discovery
Group Policy Discovery
Network Service Scanning
Network Share Discovery
Network Sniffing
Password Policy Discovery
Peripheral Device Discovery
Process Discovery
Query Registry
Remote System Discovery
Software Discovery
System Information Discovery
System Location Discovery
System Network Configuration Discovery
System Owner/User Discovery
System Time Discovery
Virtualization/Sandbox Evasion

Lateral Movement (9)
Exploitation of Remote Services
Internal Spearphishing
Lateral Tool Transfer
Remote Service Session Hijacking
Remote Services
Replication Through Removable Media
Software Deployment Tools
Taint Shared Content
Use Alternate Authentication Material