Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
Add Threat
Tags:
clear tags
658 threats — page 7 of 14
| Name | Category | Tags | Description | |
|---|---|---|---|---|
| Trusted Developer Utilities Proxy Execution: ClickOnce | Defense Evasion | Adversaries may use ClickOnce applications (.appref-ms and .application files) to proxy execution of… | Edit | |
| Trusted Developer Utilities Proxy Execution: JamPlus | Defense Evasion | Adversaries may use JamPlus to proxy the execution of a malicious script. JamPlus is a build utility… | Edit | |
| Trusted Developer Utilities Proxy Execution: MSBuild | Defense Evasion | Adversaries may use MSBuild to proxy execution of code through a trusted Windows utility. MSBuild.ex… | Edit | |
| Unused/Unsupported Cloud Regions | Defense Evasion | Adversaries may create cloud instances in unused geographic service regions in order to evade detect… | Edit | |
| Use Alternate Authentication Material | Defense Evasion | Adversaries may use alternate authentication material, such as password hashes, Kerberos tickets, an… | Edit | |
| Use Alternate Authentication Material: Application Access Token | Defense Evasion | Adversaries may use stolen application access tokens to bypass the typical authentication process an… | Edit | |
| Use Alternate Authentication Material: Pass the Hash | Defense Evasion | Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment… | Edit | |
| Use Alternate Authentication Material: Pass the Ticket | Defense Evasion | Adversaries may “pass the ticket” using stolen Kerberos tickets to move laterally within an environm… | Edit | |
| Use Alternate Authentication Material: Web Session Cookie | Defense Evasion | Adversaries can use stolen session cookies to authenticate to web applications and services. This te… | Edit | |
| Valid Accounts | Defense Evasion | Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Acce… | Edit | |
| Valid Accounts: Cloud Accounts | Defense Evasion | Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Acc… | Edit | |
| Valid Accounts: Default Accounts | Defense Evasion | Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Acce… | Edit | |
| Valid Accounts: Domain Accounts | Defense Evasion | Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Acces… | Edit | |
| Valid Accounts: Local Accounts | Defense Evasion | Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access… | Edit | |
| Virtualization/Sandbox Evasion | Defense Evasion | Adversaries may employ various means to detect and avoid virtualization and analysis environments. T… | Edit | |
| Virtualization/Sandbox Evasion: System Checks | Defense Evasion | Adversaries may employ various system checks to detect and avoid virtualization and analysis environ… | Edit | |
| Virtualization/Sandbox Evasion: Time Based Checks | Defense Evasion | Adversaries may employ various time-based methods to detect virtualization and analysis environments… | Edit | |
| Virtualization/Sandbox Evasion: User Activity Based Checks | Defense Evasion | Adversaries may employ various user activity checks to detect and avoid virtualization and analysis … | Edit | |
| Weaken Encryption | Defense Evasion | Adversaries may compromise a network device’s encryption capability in order to bypass encryption th… | Edit | |
| Weaken Encryption: Disable Crypto Hardware | Defense Evasion | Adversaries disable a network device’s dedicated hardware encryption, which may enable them to lever… | Edit | |
| Weaken Encryption: Reduce Key Space | Defense Evasion | Adversaries may reduce the level of effort required to decrypt data transmitted over the network by … | Edit | |
| XSL Script Processing | Defense Evasion | Adversaries may bypass application control and obscure execution of code by embedding scripts inside… | Edit | |
| Account Discovery | Discovery | Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a syste… | Edit | |
| Account Discovery: Cloud Account | Discovery | Adversaries may attempt to get a listing of cloud accounts. Cloud accounts are those created and con… | Edit | |
| Account Discovery: Domain Account | Discovery | Adversaries may attempt to get a listing of domain accounts. This information can help adversaries d… | Edit | |
| Account Discovery: Email Account | Discovery | Adversaries may attempt to get a listing of email addresses and accounts. Adversaries may try to dum… | Edit | |
| Account Discovery: Local Account | Discovery | Adversaries may attempt to get a listing of local system accounts. This information can help adversa… | Edit | |
| Application Window Discovery | Discovery | Adversaries may attempt to get a listing of open application windows. Window listings could convey i… | Edit | |
| Browser Information Discovery | Discovery | Adversaries may enumerate information about browsers to learn more about compromised environments. D… | Edit | |
| Cloud Infrastructure Discovery | Discovery | An adversary may attempt to discover infrastructure and resources that are available within an infra… | Edit | |
| Cloud Service Dashboard | Discovery | An adversary may use a cloud service dashboard GUI with stolen credentials to gain useful informatio… | Edit | |
| Cloud Service Discovery | Discovery | An adversary may attempt to enumerate the cloud services running on a system after gaining access. T… | Edit | |
| Cloud Storage Object Discovery | Discovery | Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this informat… | Edit | |
| Container and Resource Discovery | Discovery | Adversaries may attempt to discover containers and other resources that are available within a conta… | Edit | |
| Device Driver Discovery | Discovery | Adversaries may attempt to enumerate local device drivers on a victim host. Information about device… | Edit | |
| Domain Trust Discovery | Discovery | Adversaries may attempt to gather information on domain trust relationships that may be used to iden… | Edit | |
| File and Directory Discovery | Discovery | Adversaries may enumerate files and directories or may search in specific locations of a host or net… | Edit | |
| Group Policy Discovery | Discovery | Adversaries may gather information on Group Policy settings to identify paths for privilege escalati… | Edit | |
| Local Storage Discovery | Discovery | Adversaries may enumerate local drives, disks, and/or volumes and their attributes like total or fre… | Edit | |
| Log Enumeration | Discovery | Adversaries may enumerate system and service logs to find useful data. These logs may highlight vari… | Edit | |
| Network Service Discovery | Discovery | Adversaries may attempt to get a listing of services running on remote hosts and local network infra… | Edit | |
| Network Share Discovery | Discovery | Adversaries may look for folders and drives shared on remote systems as a means of identifying sourc… | Edit | |
| Password Policy Discovery | Discovery | Adversaries may attempt to access detailed information about the password policy used within an ente… | Edit | |
| Peripheral Device Discovery | Discovery | Adversaries may attempt to gather information about attached peripheral devices and components conne… | Edit | |
| Permission Groups Discovery | Discovery | Adversaries may attempt to discover group and permission settings. This information can help adversa… | Edit | |
| Permission Groups Discovery: Cloud Groups | Discovery | Adversaries may attempt to find cloud groups and permission settings. The knowledge of cloud permiss… | Edit | |
| Permission Groups Discovery: Domain Groups | Discovery | Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain… | Edit | |
| Permission Groups Discovery: Local Groups | Discovery | Adversaries may attempt to find local system groups and permission settings. The knowledge of local … | Edit | |
| Process Discovery | Discovery | Adversaries may attempt to get information about running processes on a system. Information obtained… | Edit | |
| Query Registry | Discovery | Adversaries may interact with the Windows Registry to gather information about the system, configura… | Edit |