ATT&CK 2022 Edition: Chinese-English Glossary and Analysis V1.0, by 香草
2023-07-20 17:47:17
ATT&CK 2022 Edition: Chinese-English Glossary
Outline / Content
Impact (impact)
Account Access Removal (delete accounts)
Data Destruction (destroy data)
Data Encrypted for Impact (encrypt data)
Data Manipulation (data modification)
Defacement
Disk Wipe (disk wipe)
Endpoint Denial of Service (endpoint denial of service)
Firmware Corruption (firmware corruption)
Inhibit System Recovery (prevent system recovery)
Network Denial of Service (network denial of service)
Resource Hijacking (resource hijacking)
Service Stop (stop services)
System Shutdown/Reboot (system shutdown)
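Exfiltration (data theft)
Automated Exfiltration (automated data exfiltration)
Traffic Duplication (traffic mirroring)
Data Transfer Size Limits (chunked data transfer)
Exfiltration Over C2 Channel (data exfiltration over the C2 channel)
Exfiltration Over Other Network Medium (data exfiltration over a network medium channel)
Exfiltration Over Physical Medium (data exfiltration over physical removable devices)
Exfiltration Over Web Service (data exfiltration over a web service)
Exfiltration to Code Repository (code repository)
Exfiltration to Cloud Storage (cloud storage)
Scheduled Transfer (scheduled data transfer)
Transfer Data to Cloud Account (transfer data to a cloud account)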
Command and Control (command and control)
Application Layer Protocol (via application layer protocols)
Communication Through Removable Media
Data Encoding (data encoding)
Data Obfuscation (data obfuscation)
Dynamic Resolution
Encrypted Channel (encrypted channel)
Fallback Channels
Ingress Tool Transfer (lateral tool transfer)
Multi-Stage Channels
Non-Application Layer Protocol (non-application layer protocol)
Non-Standard Port (non-standard port)
Protocol Tunneling (protocol tunneling)
Proxy (proxy)
Remote Access Software (remote control software)
Traffic Signaling
Web Service
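Collection (information gathering)
Adversary-in-the-Middle (man-in-the-middle attack)
Archive Collected Data (data archiving)
Audio Capture (audio capture)
Automated Collection (automated data collection)
Browser Session Hijacking (browser session hijacking)
Clipboard Data (obtain clipboard data)
Data from Cloud Storage Object (obtain cloud storage data)
Data from Configuration Repository (obtain data from configuration file repositories)
Data from Information Repositories (obtain data from information and document repositories)
Data from Local System (obtain local data)
Data from Network Shared Drive (obtain data via network shares)
Data from Removable Media (data from removable devices)
Data Staged (temporarily store the collected data)
Email Collection (collect email)
Input Capture (capture of input information)
Screen Capture (screenshots)
Video Capture (webcam recording)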
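Lateral Movement (lateral movement)
Exploitation of Remote Services (exploit remote services)
Internal Spearphishing (internal phishing)
Lateral Tool Transfer (lateral tool transfer)
Remote Service Session Hijacking (remote service session hijacking)
Remote Services (remote services)
Replication Through Removable Media (replication via removable devices)
Software Deployment Tools (software deployment tools)
Taint Shared Content (taint shared content)
Use Alternate Authentication Material (use alternate authentication material)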
Application Access Token
Pass the Hash
Pass the Ticket
Web Session Cookie
Discovery (information discovery)
Account Discovery (account discovery)
Application Window Discovery (discover application windows)
Browser Bookmark Discovery (discover browser bookmarks)
Cloud Infrastructure Discovery (discover cloud infrastructure)
Cloud Service Dashboard
Cloud Service Discovery
Container and Resource Discovery
Debugger Evasion
Domain Trust Discovery (discover trusted domains)
File and Directory Discovery (files and directories)
Group Policy Discovery
Network Service Discovery (network service discovery)
Network Share Discovery
Network Sniffing (network sniffing)
Password Policy Discovery (password policy discovery)
Peripheral Device Discovery (peripheral device discovery)
Permission Groups Discovery
Process Discovery (process discovery)
Query Registry (query the registry)
Remote System Discovery (remote system discovery: live hosts)
Software Discovery (software list)
System Information Discovery (system information discovery)
System Location Discovery
System Network Configuration Discovery (system network configuration discovery)
System Owner/User Discovery
System Service Discovery (system service discovery)
System Time Discovery
Virtualization/Sandbox Evasion (sandbox evasion)
Credential Access (credential access)
Adversary-in-the-Middle (man-in-the-middle attack)
Brute Force (brute-force cracking)
Credentials from Password Stores (credentials from password stores)
Exploitation for Credential Access
Forced Authentication (forced authentication)
Forge Web Credentials (forge web access credentials)
Input Capture (input capture)
Modify Authentication Process (modify the authentication process)
Multi-Factor Authentication Interception
Multi-Factor Authentication Request Generation
Network Sniffing (network sniffing)
OS Credential Dumping (operating system credential export)
Steal Application Access Token (steal application access tokens)
Steal or Forge Kerberos Tickets (steal or forge Kerberos tickets)
Steal Web Session Cookie (steal web cookies)
Unsecured Credentials (obtain unprotected credentials)
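Reconnaissance (information reconnaissance)
Active Scanning (active scanning)
Scanning IP Blocks (IP scanning)
Vulnerability Scanning (vulnerability scanning)
Wordlist Scanning (directory scanning / fingerprinting)
Gather Victim Host Information (target host information gathering)
Hardware (hardware)
Software (software)
Firmware (firmware)
Client Configurations (client configurations)
Gather Victim Identity Information (target identity information gathering)
Credentials (authentication information)
Email Addresses (email addresses)
Employee Names (employee information)
Gather Victim Network Information (target network information gathering)
Domain Properties (domain name information)
DNS
Network Trust Dependencies (trusted network relationships)
Network Topology (network topology)
IP Addresses (IP addresses)
Network Security Appliances (network security devices)
Gather Victim Org Information (target organization information gathering)
Determine Physical Locations (determine physical locations)
Business Relationships (business relationships)
Identify Business Tempo (determine the business model)
Identify Roles (determine role information)
Phishing for Information (obtain information via phishing)
Spearphishing Service (network service phishing)
Spearphishing Attachment (attachment phishing)
Spearphishing Link (link phishing)
Search Closed Sources (search closed networks)
Threat Intel Vendors (via threat intelligence vendors)
Purchase Technical Data (purchase technical data)
Search Open Technical Databases (search open databases)
DNS/Passive DNS
WHOIS
Digital Certificates
CDN
Scan Databases
Search Open Websites/Domains (search open websites)
Social Media (social media)
Search Engines (search engines)
Search Victim-Owned Websites (search the target's own websites)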
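Resource Development (resource development)
Acquire Infrastructure (purchase infrastructure)
Compromise Accounts (steal accounts)
Compromise Infrastructure (compromise infrastructure)
Develop Capabilities (develop capabilities)
Establish Accounts (create accounts)
Obtain Capabilities (obtain capabilities)
Stage Capabilities (disguise capabilities)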
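Initial Access (initial access)
Drive-by Compromise (browser watering hole)
Exploit Public-Facing Application (attack externally exposed services)
External Remote Services (external remote services)
Hardware Additions (hardware additions)
Phishing (phishing)
Replication Through Removable Media (replication via removable media)
Supply Chain Compromise (supply chain attack)
Trusted Relationship (trust relationship)
Valid Accounts (valid accounts)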
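Execution (command execution)
Command and Scripting Interpreter (command and scripting interpreter)
Container Administration Command (container administration command)
Deploy Container (deploy container)
Exploitation for Client Execution (exploit the client for execution)
Inter-Process Communication (inter-process communication)
Native API (native API)
Scheduled Task/Job (scheduled task/job)
Shared Modules (shared modules)
Software Deployment Tools (software deployment tools)
System Services (system services)
User Execution (user execution)
Windows Management Instrumentation (Windows management specification)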
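Persistence (maintaining access)
Account Manipulation (account manipulation)
BITS Jobs (Windows Background Intelligent Transfer Service)
Boot or Logon Autostart Execution (automatic execution at boot or logon)
Boot or Logon Initialization Scripts (logon and initialization scripts)
Browser Extensions (browser plug-ins)
Compromise Client Software Binary (bundled binary)
Create Account (add account)
Create or Modify System Process (create or modify system process)
Event Triggered Execution (event-triggered execution)
External Remote Services (external remote services)
Hijack Execution Flow (hijack execution flow)
Implant Internal Image (implant internal image)
Modify Authentication Process (modify the authentication process)
Office Application Startup (office software autostart)
Pre-OS Boot (triggered before the operating system boots)
Scheduled Task/Job (scheduled task)
Server Software Component (server-side component)
Traffic Signaling
Valid Accounts (valid accounts)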
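Privilege Escalation (privilege escalation)
Abuse Elevation Control Mechanism (abuse of high-privilege account mechanisms)
Access Token Manipulation (access token forgery)
Boot or Logon Autostart Execution (execution at automatic logon or autostart)
Boot or Logon Initialization Scripts (use of boot or logon initialization scripts)
Create or Modify System Process (create or modify system process)
Domain Policy Modification (domain policy modification)
Escape to Host (host escape)
Event Triggered Execution (event-triggered execution)
Exploitation for Privilege Escalation (exploit software vulnerabilities to escalate privileges)
Hijack Execution Flow (hijack execution flow)
Process Injection (process injection)
Scheduled Task/Job (scheduled task)
Valid Accounts (valid accounts)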
Defense Evasion (defense evasion)
Abuse Elevation Control Mechanism (abuse of high-privilege account mechanisms)
Access Token Manipulation (access token forgery)
BITS Jobs
Build Image on Host
Debugger Evasion (anti-debugging)
Deobfuscate/Decode Files or Information (file encoding)
Deploy Container (deploy container)
Direct Volume Access (direct memory access)
Domain Policy Modification (domain policy modification)
Group Policy Modification
Domain Trust Modification
Execution Guardrails
Exploitation for Defense Evasion (exploit vulnerabilities for defense evasion)
File and Directory Permissions Modification (modify file and directory permissions)
Hide Artifacts (conceal activity)
Hijack Execution Flow (hijack execution flow)
Impair Defenses (impair defense mechanisms)
Indicator Removal on Host (clear host records)
Indirect Command Execution (indirect command execution)
Masquerading (masquerading)
Modify Authentication Process (modify the authentication process)
Modify Cloud Compute Infrastructure (modify cloud compute infrastructure)
Modify Registry (modify the registry)
Modify System Image (modify system image)
Network Boundary Bridging
Obfuscated Files or Information (file obfuscation)
Plist File Modification (modify plist files)
Pre-OS Boot (launch a program before the operating system boots)
Process Injection (process injection)
Reflective Code Loading
Rogue Domain Controller
Rootkit
Subvert Trust Controls (bypass untrusted-content prompts)
System Binary Proxy Execution
System Script Proxy Execution
Template Injection (template injection)
Traffic Signaling
Trusted Developer Utilities Proxy Execution
Unused/Unsupported Cloud Regions
Use Alternate Authentication Material (use alternate authentication material)
Valid Accounts (valid accounts)
Virtualization/Sandbox Evasion (virtualization/sandbox evasion)
Weaken Encryption (weaken encryption)
XSL Script Processing