{ "description": "ATT&CK Tactic", "icon": "map", "kill_chain_order": { "attack-Containers": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "impact" ], "attack-IaaS": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "exfiltration", "impact" ], "attack-Identity-Provider": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement" ], "attack-Linux": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact" ], "attack-Network": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact" ], "attack-Office-365": [ "initial-access", "defense-evasion", "lateral-movement" ], "attack-Office-Suite": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "exfiltration", "impact" ], "attack-PRE": [ "reconnaissance", "resource-development" ], "attack-SaaS": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "exfiltration", "impact" ], "attack-Windows": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact" ], "attack-macOS": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact" ], "mobile-attack-Android": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact", "network-effects", "remote-service-effects" ], "mobile-attack-iOS": [ "initial-access", "execution", "persistence", "privilege-escalation", "defense-evasion", "credential-access", "discovery", "lateral-movement", "collection", "command-and-control", "exfiltration", "impact", "network-effects", "remote-service-effects" ], "pre-attack": [ "priority-definition-planning", "priority-definition-direction", "target-selection", "technical-information-gathering", "people-information-gathering", "organizational-information-gathering", "technical-weakness-identification", "people-weakness-identification", "organizational-weakness-identification", "adversary-opsec", "establish-&-maintain-infrastructure", "persona-development", "build-capabilities", "test-capabilities", "stage-capabilities", "launch", "compromise" ] }, "name": "Attack Pattern", "namespace": "mitre-attack", "type": "mitre-attack-pattern", "uuid": "c4e851fa-775f-11e7-8163-b774922098cd", "version": 11 }