Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
Add Threat
Tags:
661 threats — page 12 of 14
| Name | Category | Tags | Description | |
|---|---|---|---|---|
| Event Triggered Execution: Accessibility Features | Privilege Escalation | Adversaries may establish persistence and/or elevate privileges by executing malicious content trigg… | Edit | |
| Event Triggered Execution: AppCert DLLs | Privilege Escalation | Adversaries may establish persistence and/or elevate privileges by executing malicious content trigg… | Edit | |
| Event Triggered Execution: AppInit DLLs | Privilege Escalation | Adversaries may establish persistence and/or elevate privileges by executing malicious content trigg… | Edit | |
| Event Triggered Execution: Application Shimming | Privilege Escalation | Adversaries may establish persistence and/or elevate privileges by executing malicious content trigg… | Edit | |
| Event Triggered Execution: Change Default File Association | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by a file type associ… | Edit | |
| Event Triggered Execution: Component Object Model Hijacking | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by hijacked reference… | Edit | |
| Event Triggered Execution: Emond | Privilege Escalation | Adversaries may gain persistence and elevate privileges by executing malicious content triggered by … | Edit | |
| Event Triggered Execution: Image File Execution Options Injection | Privilege Escalation | Adversaries may establish persistence and/or elevate privileges by executing malicious content trigg… | Edit | |
| Event Triggered Execution: Installer Packages | Privilege Escalation | Adversaries may establish persistence and elevate privileges by using an installer to trigger the ex… | Edit | |
| Event Triggered Execution: LC_LOAD_DYLIB Addition | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by the execution of t… | Edit | |
| Event Triggered Execution: Netsh Helper DLL | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by Netsh Helper DLLs.… | Edit | |
| Event Triggered Execution: PowerShell Profile | Privilege Escalation | Adversaries may gain persistence and elevate privileges by executing malicious content triggered by … | Edit | |
| Event Triggered Execution: Screensaver | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by user inactivity. S… | Edit | |
| Event Triggered Execution: Trap | Privilege Escalation | Adversaries may establish persistence by executing malicious content triggered by an interrupt signa… | Edit | |
| Event Triggered Execution: Unix Shell Configuration Modification | Privilege Escalation | Adversaries may establish persistence through executing malicious commands triggered by a user’s she… | Edit | |
| Event Triggered Execution: Windows Management Instrumentation Event Subscription | Privilege Escalation | Adversaries may establish persistence and elevate privileges by executing malicious content triggere… | Edit | |
| Exploitation for Privilege Escalation | Privilege Escalation | Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation o… | Edit | |
| Active Scanning | Reconnaissance | Adversaries may execute active reconnaissance scans to gather information that can be used during ta… | Edit | |
| Active Scanning: Scanning IP Blocks | Reconnaissance | Adversaries may scan victim IP blocks to gather information that can be used during targeting. Publi… | Edit | |
| Active Scanning: Vulnerability Scanning | Reconnaissance | Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability sc… | Edit | |
| Active Scanning: Wordlist Scanning | Reconnaissance | Adversaries may iteratively probe infrastructure using brute-forcing and crawling techniques. While … | Edit | |
| Gather Victim Host Information | Reconnaissance | Adversaries may gather information about the victim's hosts that can be used during targeting. Infor… | Edit | |
| Gather Victim Host Information: Client Configurations | Reconnaissance | Adversaries may gather information about the victim's client configurations that can be used during … | Edit | |
| Gather Victim Host Information: Firmware | Reconnaissance | Adversaries may gather information about the victim's host firmware that can be used during targetin… | Edit | |
| Gather Victim Host Information: Hardware | Reconnaissance | Adversaries may gather information about the victim's host hardware that can be used during targetin… | Edit | |
| Gather Victim Host Information: Software | Reconnaissance | Adversaries may gather information about the victim's host software that can be used during targetin… | Edit | |
| Gather Victim Identity Information | Reconnaissance | Adversaries may gather information about the victim's identity that can be used during targeting. In… | Edit | |
| Gather Victim Identity Information: Credentials | Reconnaissance | Adversaries may gather credentials that can be used during targeting. Account credentials gathered b… | Edit | |
| Gather Victim Identity Information: Email Addresses | Reconnaissance | Adversaries may gather email addresses that can be used during targeting. Even if internal instances… | Edit | |
| Gather Victim Identity Information: Employee Names | Reconnaissance | Adversaries may gather employee names that can be used during targeting. Employee names be used to d… | Edit | |
| Gather Victim Network Information | Reconnaissance | Adversaries may gather information about the victim's networks that can be used during targeting. In… | Edit | |
| Gather Victim Network Information: DNS | Reconnaissance | Adversaries may gather information about the victim's DNS that can be used during targeting. DNS inf… | Edit | |
| Gather Victim Network Information: Domain Properties | Reconnaissance | Adversaries may gather information about the victim's network domain(s) that can be used during targ… | Edit | |
| Gather Victim Network Information: IP Addresses | Reconnaissance | Adversaries may gather the victim's IP addresses that can be used during targeting. Public IP addres… | Edit | |
| Gather Victim Network Information: Network Security Appliances | Reconnaissance | Adversaries may gather information about the victim's network security appliances that can be used d… | Edit | |
| Gather Victim Network Information: Network Topology | Reconnaissance | Adversaries may gather information about the victim's network topology that can be used during targe… | Edit | |
| Gather Victim Network Information: Network Trust Dependencies | Reconnaissance | Adversaries may gather information about the victim's network trust dependencies that can be used du… | Edit | |
| Gather Victim Org Information | Reconnaissance | Adversaries may gather information about the victim's organization that can be used during targeting… | Edit | |
| Gather Victim Org Information: Business Relationships | Reconnaissance | Adversaries may gather information about the victim's business relationships that can be used during… | Edit | |
| Gather Victim Org Information: Determine Physical Locations | Reconnaissance | Adversaries may gather the victim's physical location(s) that can be used during targeting. Informat… | Edit | |
| Gather Victim Org Information: Identify Business Tempo | Reconnaissance | Adversaries may gather information about the victim's business tempo that can be used during targeti… | Edit | |
| Gather Victim Org Information: Identify Roles | Reconnaissance | Adversaries may gather information about identities and roles within the victim organization that ca… | Edit | |
| Phishing for Information | Reconnaissance | Adversaries may send phishing messages to elicit sensitive information that can be used during targe… | Edit | |
| Phishing for Information: Spearphishing Attachment | Reconnaissance | Adversaries may send spearphishing messages with a malicious attachment to elicit sensitive informat… | Edit | |
| Phishing for Information: Spearphishing Link | Reconnaissance | Adversaries may send spearphishing messages with a malicious link to elicit sensitive information th… | Edit | |
| Phishing for Information: Spearphishing Service | Reconnaissance | Adversaries may send spearphishing messages via third-party services to elicit sensitive information… | Edit | |
| Phishing for Information: Spearphishing Voice | Reconnaissance | Adversaries may use voice communications to elicit sensitive information that can be used during tar… | Edit | |
| Search Closed Sources | Reconnaissance | Adversaries may search and gather information about victims from closed (e.g., paid, private, or oth… | Edit | |
| Search Closed Sources: Purchase Technical Data | Reconnaissance | Adversaries may purchase technical information about victims that can be used during targeting. Info… | Edit | |
| Search Closed Sources: Threat Intel Vendors | Reconnaissance | Adversaries may search private data from threat intelligence vendors for information that can be use… | Edit |