[{"attack_id": "T1001", "attack_technique": "Data Obfuscation", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1001", "attack_technique": "Data Obfuscation", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1001", "attack_technique": "Data Obfuscation", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1003", "attack_technique": "OS Credential Dumping", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate 
system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", 
"eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1005", "attack_technique": "Data from Local System", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1006", "attack_technique": "Direct Volume Access", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1007", "attack_technique": "System Service Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1008", "attack_technique": "Fallback Channels", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1008", "attack_technique": "Fallback Channels", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources 
are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1008", "attack_technique": "Fallback Channels", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1008", "attack_technique": "Fallback Channels", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1008", "attack_technique": "Fallback Channels", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1010", "attack_technique": "Application Window Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1010", "attack_technique": "Application Window Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1010", "attack_technique": "Application Window Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1011", "attack_technique": "Exfiltration Over Other Network Medium", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1012", "attack_technique": "Query Registry", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1012", "attack_technique": "Query Registry", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1012", "attack_technique": "Query Registry", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1012", "attack_technique": "Query Registry", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1012", "attack_technique": "Query Registry", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1014", "attack_technique": "Rootkit", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", 
"eac_id": "EAC0018"}, {"attack_id": "T1014", "attack_technique": "Rootkit", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1014", "attack_technique": "Rootkit", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1016", "attack_technique": "System Network Configuration Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1018", "attack_technique": "Remote 
System Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy 
artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1018", "attack_technique": "Remote System Discovery", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1020", "attack_technique": "Automated Exfiltration", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1021", "attack_technique": "Remote Services", "eav_id": "EAV0010", "eav": "When adversaries interact with 
network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1021", "attack_technique": "Remote Services", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1021", "attack_technique": "Remote Services", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1021", "attack_technique": "Remote Services", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1021", "attack_technique": "Remote Services", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1025", "attack_technique": "Data from Removable Media", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1025", "attack_technique": "Data from Removable Media", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1025", "attack_technique": "Data from Removable Media", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1025", "attack_technique": "Data from Removable Media", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1025", "attack_technique": "Data from Removable Media", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1027", "attack_technique": "Obfuscated Files or Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1027", "attack_technique": "Obfuscated Files or Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1027", "attack_technique": "Obfuscated Files or Information", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1027", "attack_technique": "Obfuscated Files or Information", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": 
"EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1029", "attack_technique": "Scheduled Transfer", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the 
task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1030", "attack_technique": "Data Transfer Size Limits", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, 
{"attack_id": "T1033", "attack_technique": "System Owner/User Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1036", "attack_technique": "Masquerading", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1037", "attack_technique": "Boot or Logon Initialization Scripts", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1039", "attack_technique": "Data from Network Shared Drive", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", 
"eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to 
revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1041", "attack_technique": "Exfiltration Over C2 Channel", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1046", "attack_technique": 
"Network Service Scanning", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1047", "attack_technique": "Windows Management Instrumentation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive 
resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1048", "attack_technique": "Exfiltration Over Alternative Protocol", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1049", "attack_technique": "System Network Connections Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited 
control over when and where hardware additions are connected in the target network.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1052", "attack_technique": "Exfiltration Over Physical Medium", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1053", "attack_technique": "Scheduled Task/Job", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1053", "attack_technique": "Scheduled Task/Job", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1053", "attack_technique": "Scheduled Task/Job", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1055", "attack_technique": "Process Injection", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1056", "attack_technique": "Input Capture", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1056", "attack_technique": "Input Capture", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1056", "attack_technique": "Input Capture", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1056", "attack_technique": "Input Capture", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1057", "attack_technique": "Process Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1059", "attack_technique": "Command and Scripting Interpreter", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1059", "attack_technique": "Command and Scripting Interpreter", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other 
resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1059", "attack_technique": "Command and Scripting Interpreter", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1059", "attack_technique": "Command and Scripting Interpreter", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1059", "attack_technique": "Command and Scripting Interpreter", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1069", "attack_technique": "Permission Groups Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1069", "attack_technique": "Permission Groups Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1069", "attack_technique": "Permission Groups Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1069", "attack_technique": "Permission Groups Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1069", "attack_technique": "Permission Groups Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1070", "attack_technique": "Indicator Removal on Host", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1070", "attack_technique": "Indicator Removal on Host", "eav_id": 
"EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1070", "attack_technique": "Indicator Removal on Host", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1070", "attack_technique": "Indicator Removal on Host", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1071", "attack_technique": "Application Layer Protocol", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1071", "attack_technique": "Application Layer Protocol", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1074", "attack_technique": "Data Staged", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1074", "attack_technique": "Data Staged", "eav_id": "EAV0029", "eav": "When adversaries attempt to 
exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they 
are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1078", "attack_technique": "Valid Accounts", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1080", "attack_technique": "Taint Shared Content", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1082", "attack_technique": "System Information Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle 
manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0019", 
"eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1083", "attack_technique": "File and Directory Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1087", "attack_technique": "Account Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1090", "attack_technique": "Proxy", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or 
engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1090", "attack_technique": "Proxy", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions 
are connected in the target network.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1091", "attack_technique": "Replication Through Removable Media", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0016", 
"eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1092", "attack_technique": "Communication Through Removable Media", "eav_id": "EAV0018", "eav": "When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1095", "attack_technique": "Non-Application Layer Protocol", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1095", "attack_technique": "Non-Application Layer Protocol", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1098", "attack_technique": "Account Manipulation", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1098", "attack_technique": "Account Manipulation", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1098", "attack_technique": "Account Manipulation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1098", "attack_technique": "Account Manipulation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1098", "attack_technique": "Account Manipulation", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, 
{"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1102", "attack_technique": "Web Service", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1104", "attack_technique": "Multi-Stage Channels", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1104", "attack_technique": "Multi-Stage Channels", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to 
their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1104", "attack_technique": "Multi-Stage Channels", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1105", "attack_technique": "Ingress Tool Transfer", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1105", "attack_technique": "Ingress Tool Transfer", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1105", "attack_technique": "Ingress Tool Transfer", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1106", "attack_technique": "Native API", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1106", "attack_technique": "Native API", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other 
resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1110", "attack_technique": "Brute Force", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1110", "attack_technique": "Brute Force", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1110", "attack_technique": "Brute Force", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1110", "attack_technique": "Brute Force", "eav_id": "EAV0022", "eav": "When adversaries use brute-force techniques to access accounts or encrypted data, they are vulnerable to wasting resources if the artifact has no valid credentials or is locked in some other way.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1110", "attack_technique": "Brute Force", "eav_id": "EAV0022", "eav": "When adversaries use brute-force techniques to access accounts or encrypted data, they are vulnerable to wasting resources if the artifact has no valid credentials or is locked in some other way.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1111", "attack_technique": "Two-Factor Authentication Interception", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may 
reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1111", "attack_technique": "Two-Factor Authentication Interception", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1111", "attack_technique": "Two-Factor Authentication Interception", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1112", "attack_technique": "Modify Registry", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1112", "attack_technique": "Modify Registry", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1112", "attack_technique": "Modify Registry", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they 
collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1113", "attack_technique": "Screen Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Hardware Manipulation", "eac_id": "EAC0017"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1114", "attack_technique": "Email Collection", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1115", "attack_technique": "Clipboard Data", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1115", "attack_technique": "Clipboard Data", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1115", "attack_technique": "Clipboard Data", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1115", "attack_technique": "Clipboard Data", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1119", "attack_technique": "Automated Collection", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1120", "attack_technique": "Peripheral Device Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1123", 
"attack_technique": "Audio Capture", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Hardware Manipulation", "eac_id": "EAC0017"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0020", "eav": "When 
adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1123", "attack_technique": "Audio Capture", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1124", "attack_technique": "System Time Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1124", "attack_technique": "System Time Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1124", "attack_technique": "System Time Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1124", "attack_technique": "System Time Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Hardware Manipulation", "eac_id": "EAC0017"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1125", "attack_technique": "Video Capture", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1125", "attack_technique": "Video Capture", 
"eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1129", "attack_technique": "Shared Modules", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1132", "attack_technique": "Data Encoding", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1133", "attack_technique": "External Remote Services", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1134", "attack_technique": "Access Token Manipulation", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be 
vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1134", "attack_technique": "Access Token Manipulation", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1134", "attack_technique": "Access Token Manipulation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or 
interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1135", "attack_technique": "Network Share Discovery", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Peripheral Management", "eac_id": "EAC0010"}, {"attack_id": "T1136", "attack_technique": "Create Account", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1136", "attack_technique": "Create Account", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1136", "attack_technique": "Create Account", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1136", "attack_technique": "Create Account", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1137", 
"attack_technique": "Office Application Startup", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1137", "attack_technique": "Office Application Startup", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1137", "attack_technique": "Office Application Startup", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1137", "attack_technique": "Office Application Startup", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1140", "attack_technique": "Deobfuscate/Decode Files or Information", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1176", "attack_technique": "Browser Extensions", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1176", "attack_technique": "Browser Extensions", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1176", "attack_technique": "Browser Extensions", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1176", "attack_technique": "Browser Extensions", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1176", "attack_technique": "Browser Extensions", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1185", "attack_technique": "Man in the Browser", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1185", "attack_technique": "Man in the Browser", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1185", "attack_technique": "Man in the Browser", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1185", "attack_technique": "Man in the Browser", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1187", "attack_technique": "Forced Authentication", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1187", "attack_technique": "Forced Authentication", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1187", "attack_technique": "Forced Authentication", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1187", "attack_technique": "Forced Authentication", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1189", "attack_technique": "Drive-by Compromise", "eav_id": "EAV0008", "eav": "When adversaries maintain drive-by sites, they provide a pathway for beginning engagements and may be unable to differentiate real from deceptive victims.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1189", "attack_technique": "Drive-by Compromise", "eav_id": "EAV0009", "eav": "When adversaries maintain drive-by sites and collect information about potential victims, they may reveal information about their targeting preferences by selecting or rejecting an arbitrary victim.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1189", "attack_technique": "Drive-by Compromise", "eav_id": "EAV0026", "eav": "When adversaries maintain drive-by sites, they reveal information 
about their targeting capabilities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1190", "attack_technique": "Exploit Public-Facing Application", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1190", "attack_technique": "Exploit Public-Facing Application", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1190", "attack_technique": "Exploit Public-Facing Application", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1195", "attack_technique": "Supply Chain Compromise", "eav_id": "EAV0014", "eav": "When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1195", "attack_technique": "Supply Chain Compromise", "eav_id": "EAV0014", "eav": "When adversaries manipulate supply chain mechanisms prior to receipt by a final consumer, they forfeit control over when and where the product is connected in the target network.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1197", "attack_technique": "BITS Jobs", "eav_id": "EAV0013", "eav": 
"When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1197", "attack_technique": "BITS Jobs", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1197", "attack_technique": "BITS Jobs", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1199", "attack_technique": "Trusted Relationship", "eav_id": "EAV0003", "eav": "When adversaries exploit a trusted relationship, such as using an account to access or move in the environment, they are vulnerable to triggering tripwires or engaging in anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1199", "attack_technique": "Trusted Relationship", "eav_id": "EAV0015", "eav": "When adversaries exploit a trusted relationship, they are vulnerable to collecting and acting on manipulated data provided by the trusted party.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1199", "attack_technique": "Trusted Relationship", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, 
{"attack_id": "T1199", "attack_technique": "Trusted Relationship", "eav_id": "EAV0018", "eav": "When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1200", "attack_technique": "Hardware Additions", "eav_id": "EAV0012", "eav": "When adversaries use hardware peripherals, they must rely on physical access or have limited control over when and where hardware additions are connected in the target network.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1200", "attack_technique": "Hardware Additions", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1200", "attack_technique": "Hardware Additions", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1201", "attack_technique": "Password Policy Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1201", "attack_technique": "Password Policy Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1201", "attack_technique": "Password Policy Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1202", "attack_technique": "Indirect Command Execution", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1202", "attack_technique": "Indirect Command Execution", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1203", "attack_technique": "Exploitation for Client Execution", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1203", "attack_technique": "Exploitation for Client Execution", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1203", "attack_technique": "Exploitation for Client Execution", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1203", "attack_technique": "Exploitation for Client Execution", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an 
unintended environment.", "eac": "Isolation", "eac_id": "EAC0020"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0018", "eav": "When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0018", "eav": "When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1204", "attack_technique": "User Execution", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1205", "attack_technique": "Traffic Signaling", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1205", "attack_technique": "Traffic Signaling", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1205", "attack_technique": "Traffic Signaling", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1207", "attack_technique": "Rogue Domain Controller", "eav_id": "EAV0013", "eav": "When 
adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1207", "attack_technique": "Rogue Domain Controller", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1207", "attack_technique": "Rogue Domain Controller", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1210", "attack_technique": "Exploitation of Remote Services", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1210", "attack_technique": "Exploitation of Remote Services", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1210", "attack_technique": "Exploitation of Remote Services", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1210", "attack_technique": "Exploitation of Remote Services", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1211", "attack_technique": "Exploitation for Defense Evasion", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1211", "attack_technique": "Exploitation for Defense Evasion", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1211", "attack_technique": "Exploitation for Defense Evasion", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1211", "attack_technique": "Exploitation for Defense Evasion", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1212", "attack_technique": "Exploitation for Credential Access", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1212", "attack_technique": "Exploitation for Credential Access", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1212", "attack_technique": "Exploitation for Credential Access", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1212", "attack_technique": "Exploitation for Credential Access", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1212", "attack_technique": "Exploitation for Credential Access", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1213", "attack_technique": "Data from Information Repositories", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", 
"eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1216", "attack_technique": "Signed Script Proxy Execution", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1216", "attack_technique": "Signed Script Proxy Execution", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1216", "attack_technique": "Signed Script Proxy Execution", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1217", "attack_technique": "Browser Bookmark Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1218", "attack_technique": "Signed Binary Proxy Execution", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1218", "attack_technique": "Signed Binary Proxy Execution", 
"eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1218", "attack_technique": "Signed Binary Proxy Execution", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1219", "attack_technique": "Remote Access Software", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1220", "attack_technique": "XSL Script Processing", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or 
other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1220", "attack_technique": "XSL Script Processing", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1220", "attack_technique": "XSL Script Processing", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1220", "attack_technique": "XSL Script Processing", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1221", "attack_technique": "Template Injection", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1221", "attack_technique": "Template Injection", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1221", "attack_technique": "Template Injection", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1221", "attack_technique": "Template Injection", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1222", "attack_technique": "File and Directory Permissions Modification", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1222", "attack_technique": "File and Directory Permissions Modification", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1222", "attack_technique": "File and Directory Permissions Modification", "eav_id": "EAV0024", "eav": 
"When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1480", "attack_technique": "Execution Guardrails", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1480", "attack_technique": "Execution Guardrails", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1480", "attack_technique": "Execution Guardrails", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1482", "attack_technique": "Domain Trust Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1482", "attack_technique": "Domain Trust Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1485", "attack_technique": "Data Destruction", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1486", "attack_technique": "Data Encrypted for Impact", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1486", "attack_technique": "Data Encrypted for Impact", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1486", "attack_technique": "Data Encrypted for Impact", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1489", "attack_technique": "Service Stop", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1489", "attack_technique": "Service Stop", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1490", "attack_technique": "Inhibit System Recovery", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1490", "attack_technique": "Inhibit System Recovery", "eav_id": "EAV0010", "eav": "When adversaries interact with 
network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1491", "attack_technique": "Defacement", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1491", "attack_technique": "Defacement", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1495", "attack_technique": "Firmware Corruption", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1496", "attack_technique": "Resource Hijacking", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1496", "attack_technique": "Resource Hijacking", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1496", "attack_technique": "Resource Hijacking", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and 
decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1497", "attack_technique": "Virtualization/Sandbox Evasion", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1497", "attack_technique": "Virtualization/Sandbox Evasion", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1497", "attack_technique": "Virtualization/Sandbox Evasion", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1498", "attack_technique": "Network Denial of Service", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1498", "attack_technique": "Network Denial of Service", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, 
traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1499", "attack_technique": "Endpoint Denial of Service", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1499", "attack_technique": "Endpoint Denial of Service", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1505", "attack_technique": "Server Software Component", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1505", "attack_technique": "Server Software Component", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1518", "attack_technique": "Software Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1518", "attack_technique": "Software Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1518", "attack_technique": "Software Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1518", "attack_technique": "Software Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1525", "attack_technique": "Implant Internal Image", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1525", "attack_technique": "Implant Internal Image", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1526", 
"attack_technique": "Cloud Service Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1526", "attack_technique": "Cloud Service Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1526", "attack_technique": "Cloud Service Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1526", "attack_technique": "Cloud Service Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1528", "attack_technique": "Steal Application Access Token", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1528", "attack_technique": "Steal Application Access Token", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1528", "attack_technique": "Steal Application Access Token", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1528", "attack_technique": "Steal Application Access Token", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1529", "attack_technique": "System Shutdown/Reboot", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1529", "attack_technique": "System Shutdown/Reboot", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1529", "attack_technique": "System Shutdown/Reboot", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": 
"EAC0015"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1530", "attack_technique": "Data from Cloud Storage Object", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1531", "attack_technique": "Account Access Removal", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1535", "attack_technique": "Unused/Unsupported Cloud Regions", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, 
{"attack_id": "T1535", "attack_technique": "Unused/Unsupported Cloud Regions", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1537", "attack_technique": "Transfer Data to Cloud Account", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1538", "attack_technique": "Cloud Service Dashboard", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1538", "attack_technique": "Cloud Service Dashboard", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1538", "attack_technique": "Cloud Service Dashboard", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1538", "attack_technique": "Cloud Service Dashboard", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1538", "attack_technique": "Cloud Service Dashboard", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1539", "attack_technique": "Steal Web Session Cookie", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1539", "attack_technique": "Steal Web Session Cookie", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1539", "attack_technique": "Steal Web Session Cookie", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1539", "attack_technique": "Steal Web Session Cookie", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1542", "attack_technique": "Pre-OS Boot", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1543", "attack_technique": "Create or Modify System Process", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1543", "attack_technique": "Create or Modify System Process", "eav_id": "EAV0013", "eav": "When 
adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1543", "attack_technique": "Create or Modify System Process", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1543", "attack_technique": "Create or Modify System Process", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1546", "attack_technique": "Event Triggered Execution", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1546", "attack_technique": "Event Triggered Execution", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1547", "attack_technique": "Boot or Logon Autostart Execution", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, 
or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1548", "attack_technique": "Abuse Elevation Control Mechanism", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1548", "attack_technique": "Abuse Elevation Control Mechanism", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1550", "attack_technique": "Use Alternate Authentication Material", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1550", "attack_technique": "Use Alternate Authentication Material", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1552", "attack_technique": "Unsecured Credentials", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when 
using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1553", "attack_technique": "Subvert Trust Controls", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1553", "attack_technique": "Subvert Trust Controls", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1553", "attack_technique": "Subvert Trust Controls", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1554", "attack_technique": "Compromise Client Software Binary", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1554", "attack_technique": "Compromise Client Software Binary", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1554", "attack_technique": "Compromise Client Software Binary", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other 
resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1554", "attack_technique": "Compromise Client Software Binary", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1555", "attack_technique": "Credentials from Password Stores", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are 
vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1556", "attack_technique": "Modify Authentication Process", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1556", "attack_technique": "Modify Authentication Process", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1557", "attack_technique": "Man-in-the-Middle", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1557", "attack_technique": "Man-in-the-Middle", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1557", "attack_technique": "Man-in-the-Middle", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1557", "attack_technique": "Man-in-the-Middle", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1558", "attack_technique": "Steal or Forge Kerberos Tickets", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1558", "attack_technique": "Steal or Forge Kerberos Tickets", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1558", "attack_technique": "Steal or Forge Kerberos Tickets", "eav_id": "EAV0011", "eav": "When adversaries use previously stolen information to access or move laterally within an environment, they may reveal previous collection activities.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1558", "attack_technique": "Steal or Forge Kerberos Tickets", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1559", "attack_technique": "Inter-Process Communication", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1559", "attack_technique": "Inter-Process Communication", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1560", "attack_technique": "Archive Collected Data", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable 
to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1560", "attack_technique": "Archive Collected Data", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1560", "attack_technique": "Archive Collected Data", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1561", "attack_technique": "Disk Wipe", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1561", "attack_technique": "Disk Wipe", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1561", "attack_technique": "Disk Wipe", "eav_id": "EAV0005", "eav": "When adversaries\u2019 malware is detonated, they may be encouraged to operate in an unintended environment.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1561", "attack_technique": "Disk Wipe", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1561", "attack_technique": "Disk 
Wipe", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1562", "attack_technique": "Impair Defenses", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1562", "attack_technique": "Impair Defenses", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1562", "attack_technique": "Impair Defenses", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1562", "attack_technique": "Impair Defenses", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1563", "attack_technique": "Remote Service Session Hijacking", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1563", "attack_technique": "Remote Service Session Hijacking", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1563", "attack_technique": "Remote Service Session Hijacking", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1563", "attack_technique": "Remote Service Session Hijacking", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1563", "attack_technique": "Remote Service Session Hijacking", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1564", "attack_technique": "Hide Artifacts", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or 
Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1564", "attack_technique": "Hide Artifacts", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1564", "attack_technique": "Hide Artifacts", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1565", "attack_technique": "Data Manipulation", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1565", "attack_technique": "Data Manipulation", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1565", "attack_technique": "Data Manipulation", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, 
or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0004", "eav": "When adversaries use phishing emails to gain access to victim systems, they have no control over where a malicious attachment is detonated from, or where a link is clicked.", "eac": "Attack Vector Migration", "eac_id": "EAC0021"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0004", "eav": "When adversaries use phishing emails to gain access to victim systems, they have no control over where a malicious attachment is detonated from, or where a link is clicked.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Email Manipulation", "eac_id": "EAC0009"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "System Activity Monitoring", "eac_id": "EAC0003"}, {"attack_id": "T1566", "attack_technique": "Phishing", "eav_id": "EAV0018", "eav": 
"When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. ", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0024", "eav": "When adversaries discover inaccessible but valuable data, they are vulnerable to wasting resources or revealing additional capabilities in an effort to access the content.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0028", "eav": "When adversaries collect manipulated artifacts, they are vulnerable to revealing their presence when using or moving the artifacts elsewhere in the engagement environment.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1567", "attack_technique": "Exfiltration Over Web Service", "eav_id": "EAV0029", "eav": "When adversaries attempt to exfiltrate, manipulate, or move massive data objects, they are vulnerable to wasting resources to accomplish the task.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1568", "attack_technique": "Dynamic Resolution", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1568", "attack_technique": "Dynamic Resolution", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1569", 
"attack_technique": "System Services", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1569", "attack_technique": "System Services", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1569", "attack_technique": "System Services", "eav_id": "EAV0027", "eav": "When adversaries\u2019 malware is detonated, they are vulnerable to dynamic analysis, which can reveal how the malware interacts with system resources.", "eac": "Malware Detonation", "eac_id": "EAC0013"}, {"attack_id": "T1570", "attack_technique": "Lateral Tool Transfer", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1570", "attack_technique": "Lateral Tool Transfer", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1571", "attack_technique": "Non-Standard Port", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1571", "attack_technique": "Non-Standard Port", "eav_id": "EAV0023", "eav": "When adversaries 
use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1572", "attack_technique": "Protocol Tunneling", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1572", "attack_technique": "Protocol Tunneling", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1573", "attack_technique": "Encrypted Channel", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1573", "attack_technique": "Encrypted Channel", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1573", "attack_technique": "Encrypted Channel", "eav_id": "EAV0021", "eav": "When adversaries exfiltrate data, their data are vulnerable to observation or manipulation via Man-in-the-Middle activities. 
", "eac": "Network Analysis", "eac_id": "EAC0004"}, {"attack_id": "T1574", "attack_technique": "Hijack Execution Flow", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1574", "attack_technique": "Hijack Execution Flow", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1578", "attack_technique": "Modify Cloud Compute Infrastructure", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1578", "attack_technique": "Modify Cloud Compute Infrastructure", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1578", "attack_technique": "Modify Cloud Compute Infrastructure", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1578", "attack_technique": "Modify Cloud 
Compute Infrastructure", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts 
on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1580", "attack_technique": "Cloud Infrastructure Discovery", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1589", "attack_technique": "Gather Victim Identity Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1589", "attack_technique": "Gather Victim Identity Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1589", "attack_technique": "Gather Victim Identity Information", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1590", "attack_technique": "Gather Victim Network Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1590", "attack_technique": "Gather Victim Network Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1590", "attack_technique": "Gather Victim Network Information", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1591", "attack_technique": "Gather Victim Org Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1591", "attack_technique": "Gather Victim Org Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1591", "attack_technique": "Gather Victim Org Information", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1592", "attack_technique": "Gather Victim Host Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1592", "attack_technique": "Gather Victim Host Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1592", "attack_technique": "Gather Victim Host Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1592", "attack_technique": "Gather Victim Host Information", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1592", "attack_technique": "Gather Victim Host Information", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1593", "attack_technique": "Search Open Websites/Domains", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1593", "attack_technique": "Search Open Websites/Domains", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1593", "attack_technique": "Search Open Websites/Domains", "eav_id": 
"EAV0025", "eav": "When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1593", "attack_technique": "Search Open Websites/Domains", "eav_id": "EAV0025", "eav": "When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1594", "attack_technique": "Search Victim-Owned Websites", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1594", "attack_technique": "Search Victim-Owned Websites", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1594", "attack_technique": "Search Victim-Owned Websites", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1594", "attack_technique": "Search Victim-Owned Websites", "eav_id": "EAV0025", "eav": "When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are 
vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Network Diversity", "eac_id": "EAC0007"}, {"attack_id": "T1595", "attack_technique": "Active Scanning", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1596", 
"attack_technique": "Search Open Technical Databases", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1596", "attack_technique": "Search Open Technical Databases", "eav_id": "EAV0025", "eav": "When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1597", "attack_technique": "Search Closed Sources", "eav_id": "EAV0006", "eav": "When adversaries collect targeting information from open or closed data sources, they are vulnerable to being influenced by manipulated or misleading data.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1597", "attack_technique": "Search Closed Sources", "eav_id": "EAV0025", "eav": "When adversaries collect targeting information from open or closed data sources, they may reveal their targeting preferences.", "eac": "information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1598", "attack_technique": "Phishing for Information", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1598", "attack_technique": "Phishing for Information", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1598", "attack_technique": "Phishing for Information", "eav_id": "EAV0018", "eav": "When adversaries interact directly with victims, they are vulnerable to being socially engineered or otherwise manipulated by an aware user.", "eac": "Personas", "eac_id": "EAC0012"}, {"attack_id": "T1599", "attack_technique": "Network Boundary Bridging", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Network Monitoring", "eac_id": "EAC0002"}, {"attack_id": "T1599", "attack_technique": "Network Boundary Bridging", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1599", "attack_technique": "Network Boundary Bridging", "eav_id": "EAV0020", "eav": "When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availability, traffic filtering, degraded speeds, etc.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1600", "attack_technique": "Weaken Encryption", "eav_id": "EAV0023", "eav": "When adversaries use easily identifiable techniques, or generate signaturable patterns in data or traffic, they are vulnerable to detection of their activity.", "eac": "Network Monitoring", 
"eac_id": "EAC0002"}, {"attack_id": "T1601", "attack_technique": "Modify System Image", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1601", "attack_technique": "Modify System Image", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Baseline", "eac_id": "EAC0019"}, {"attack_id": "T1601", "attack_technique": "Modify System Image", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1601", "attack_technique": "Modify System Image", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Burn-In", "eac_id": "EAC0008"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are 
vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1602", "attack_technique": "Data from Configuration Repository", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1606", "attack_technique": "Forge Web Credentials", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1606", "attack_technique": "Forge Web Credentials", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1606", "attack_technique": "Forge Web Credentials", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Artifact Diversity", "eac_id": "EAC0022"}, {"attack_id": "T1609", "attack_technique": "Container Administration Command", 
"eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1609", "attack_technique": "Container Administration Command", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1610", "attack_technique": "Deploy Container", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Network Manipulation", "eac_id": "EAC0016"}, {"attack_id": "T1611", "attack_technique": "Escape to Host", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. 
Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1612", "attack_technique": "Build Image on Host", "eav_id": "EAV0013", "eav": "When adversaries rely on specific resources to be enabled, accessible, and/or vulnerable, they are vulnerable to their operations being disrupted if the resources are disabled, removed, or otherwise made invulnerable.", "eac": "Security Controls", "eac_id": "EAC0018"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. 
In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Lures", "eac_id": "EAC0005"}, {"attack_id": "T1613", "attack_technique": "Container and Resource Discovery", "eav_id": "EAV0019", "eav": "When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.", "eac": "Application Diversity", "eac_id": "EAC0006"}, {"attack_id": "T1614", "attack_technique": "System Location Discovery", "eav_id": "EAV0001", "eav": "When adversaries interact with the 
environment or personas, they are vulnerable when they collect, observe, or manipulate system artifacts or information. Manipulated data may cause them to reveal behaviors, use additional or more advanced capabilities against the target, and/or impact their dwell time.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1614", "attack_technique": "System Location Discovery", "eav_id": "EAV0002", "eav": "When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.", "eac": "Pocket Litter", "eac_id": "EAC0011"}, {"attack_id": "T1614", "attack_technique": "System Location Discovery", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Information Manipulation", "eac_id": "EAC0015"}, {"attack_id": "T1614", "attack_technique": "System Location Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Software Manipulation", "eac_id": "EAC0014"}, {"attack_id": "T1614", "attack_technique": "System Location Discovery", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "API Monitoring", "eac_id": "EAC0001"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", 
"eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1068", "attack_technique": "Exploitation for Privilege Escalation", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily 
detectable, anomalous behavior.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1040", "attack_technique": "Network Sniffing", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1046", "attack_technique": "Network Service Scanning", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to 
revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0007", "eav": "When adversaries interact with engagement environments and personas, their future capability, targeting, and/or infrastructure requirements are vulnerable to influence.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0010", "eav": "When adversaries interact with network or system resources, they are vulnerable to triggering tripwires or engaging in easily detectable, anomalous behavior.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0016", "eav": "When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}, {"attack_id": "T1072", "attack_technique": "Software Deployment Tools", "eav_id": "EAV0017", "eav": "When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to revealing additional or more advanced capabilities when exploiting or using said resource.", "eac": "Introduced Vulnerabilities", "eac_id": "EAC0023"}]