| Name | Tags | Incidents | ATT&CK Tactic | Tech | Status |
|---|---|---|---|---|---|
| | Cloud | | Credential Access (TA0006) | | Stub |
| | Cloud | | Discovery (TA0007) | | Stub |
| | CI/CD | | | | Stub |
| | Cloud | | Lateral Movement (TA0008) | | Stub |
| | K8s | | Initial Access (TA0001) | | Stub |
| | AAD | | Lateral Movement (TA0008) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | | | | | Stub |
| | AAD | | Lateral Movement (TA0008) | | Stub |
| | AAD | | Lateral Movement (TA0008), Credential Access (TA0006) | | Finalized |
| | | | | | Stub |
| | Cloud | | Persistence (TA0003), Execution (TA0002) | | Stub |
| | Cloud | | | | Stub |
| | Cloud, AAD | | Persistence (TA0003) | | Stub |
| | Cloud, AAD | | Lateral Movement (TA0008) | | Stub |
| | | | Execution (TA0002) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | K8s | | Initial Access (TA0001) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | Linux, Windows | | Persistence (TA0003) | | Stub |
| | Windows | | Execution (TA0002), Privilege Escalation (TA0004) | | Stub |
| | Cloud, Ransomware | | Impact (TA0040) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Reconnaissance (TA0043), Credential Access (TA0006) | | Stub |
| | CI/CD | | Discovery (TA0007) | | Stub |
| | Cloud | | Reconnaissance (TA0043) | | Stub |
| | Cloud, K8s | Kiss-A-Dog campaign; ScarletEel campaign (Feb ‘23); RBAC Buster; Misconfigured firewall to cryptojacking botnet; ScarletEel campaign (July ‘23); EleKtra-Leak; Labrat GitLab campaign; AmberSquid campaign; DangerDev SES abuse incident; ECS Fargate cryptojacking; Dero cryptojacking targeting K8s; DERO cryptojacking campaign (2024); SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining | Impact (TA0040) | | Featured |
| | | | | | Stub |
| | Cloud | | Impact (TA0040) | | Finalized |
| | | | | | Not started |
| | Cloud | | Persistence (TA0003) | | Stub |
| | K8s | | Initial Access (TA0001) | | Stub |
| | K8s | | Discovery (TA0007) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | | | | | Stub |
| | Cloud | | Persistence (TA0003) | | Stub |
| | Linux, Windows | | Persistence (TA0003) | | Stub |
| | | | Persistence (TA0003), Credential Access (TA0006) | | Stub |
| | | | Defense Evasion (TA0005) | | Stub |
| | | | Persistence (TA0003) | | Stub |
| | CI/CD | | Credential Access (TA0006) | | Stub |
| | Cloud, Linux | | Initial Access (TA0001) | | Stub |
| | | SilentBob cryptomining campaign; Qubitstrike Crypto Mining and Rootkit Campaign; LAPSUS$ campaigns; FBot toolkit targets cloud environments; Commando Cat campaign; From S3 bucket to Jenkins credential dump; Affirmed Networks breach; LLMjacking via Laravel exploitation; Atlas Lion phishing campaign; Smishing into Entra onto VMWare ransomware; Scattered Spider SaaS targeting (2024); CRYSTALRAY: threat actors exploiting OSS tools | Credential Access (TA0006) | | Stub |
| | | | Persistence (TA0003) | | Stub |
| | Network | | Resource Development (TA0042) | | Stub |
| | | | | | Stub |
| | Ransomware | | Impact (TA0040) | | Stub |
| | Cloud | | Defense Evasion (TA0005) | | Stub |
| | Network | | Discovery (TA0007) | | Stub |
| | | | Impact (TA0040) | | Stub |
| | | | Execution (TA0002) | | Stub |
| | | | Command and Control (TA0011) | | Stub |
| | | | | | Stub |
| | | | | | Not started |
| | | | | | Stub |
| | Supply Chain | | Impact (TA0040) | | Stub |
| | Cloud | | Defense Evasion (TA0005) | | Stub |
| | Linux | | Privilege Escalation (TA0004) | | Stub |
| | | | | | Stub |
| | | | Execution (TA0002) | | Stub |
| | Cloud | | Exfiltration (TA0010) | | Stub |
| | Cloud | | Exfiltration (TA0010) | | Stub |
| | K8s | | Privilege Escalation (TA0004) | | Stub |
| | K8s | | Privilege Escalation (TA0004) | | Stub |
| | Cloud | | Exfiltration (TA0010) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | Cloud | | Credential Access (TA0006), Lateral Movement (TA0008) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | | | | | Not started |
| | Network | | Command and Control (TA0011) | | Stub |
| | Supply Chain, K8s | | Initial Access (TA0001) | | Stub |
| | Cloud | ScarletEel campaign (Feb ‘23); ScarletEel campaign (July ‘23); SilentBob cryptomining campaign; From PHP exploitation to AWS lateral movement; Misconfigured firewall to cryptojacking botnet; Capital One incident (March 2019); UNC2903 campaigns; SQL Server to cloud lateral movement; From PHP vuln to Sliver execution via cron; From web app exploitation to Chisel tunneling; Commando Cat campaign; Hugging Face cross-tenant access; US DoD NIPRNet access via Atlassian SSRF | Credential Access (TA0006) | | Featured |
| | | | Privilege Escalation (TA0004) | | Stub |
| | | | Execution (TA0002), Persistence (TA0003) | | Stub |
| | | | | | Stub |
| | App Misconfig. | | Initial Access (TA0001), Privilege Escalation (TA0004) | | Stub |
| | Ransomware | | Impact (TA0040) | | Stub |
| | K8s, Authentication | | Initial Access (TA0001) | | Stub |
| | Cloud | | Persistence (TA0003) | | Stub |
| | | | | | Stub |
| | Linux | | Persistence (TA0003) | | Stub |
| | AI/ML | | Initial Access (TA0001) | | Stub |
| | | | | | Stub |
| | Windows | | Defense Evasion (TA0005) | | Stub |
| | Windows | | Credential Access (TA0006), Privilege Escalation (TA0004) | | Stub |
| | AI/ML | | ML Attack Staging (AML.TA0001) | | Stub |
| | Supply Chain, Cloud | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | Authentication | | Persistence (TA0003) | | Stub |
| | Authentication, Social Eng. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | | | | | Not started |
| | App Misconfig., K8s | | Initial Access (TA0001) | | Stub |
| | Cloud, CI/CD | | Initial Access (TA0001), Credential Access (TA0006) | | Featured |
| | | | | | Not started |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | Linux, OS Misconfig., Network, Authentication | | Initial Access (TA0001), Lateral Movement (TA0008) | | Featured |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | Cloud | | Persistence (TA0003) | | Stub |
| | Cloud | | Persistence (TA0003) | | Stub |
| | | | | | Not started |
| | | | Persistence (TA0003) | | Stub |
| | | | Persistence (TA0003) | | Stub |
| | Supply Chain, CI/CD | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | Credentials, Authentication | | Credential Access (TA0006), Initial Access (TA0001) | | Stub |
| | Cloud, AI/ML | | Persistence (TA0003) | | Stub |
| | Cloud | | Persistence (TA0003) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | AI/ML | | Resource Development (TA0042), Persistence (TA0003) | | Stub |
| | | | | | Stub |
| | K8s | | Lateral Movement (TA0008) | | Stub |
| | | | Impact (TA0040) | | Stub |
| | Cloud | | Initial Access (TA0001) | | Stub |
| | | | | | Stub |
| | CI/CD | | Initial Access (TA0001) | | Stub |
| | Linux, Cloud | | Persistence (TA0003) | | Stub |
| | Authentication | | Credential Access (TA0006) | | Stub |
| | CI/CD | | Privilege Escalation (TA0004) | | Stub |
| | | | Execution (TA0002) | | Stub |
| | | | | | Stub |
| | Supply Chain | | Initial Access (TA0001) | | Stub |
| | CI/CD, App Misconfig., Network | | Initial Access (TA0001) | | Stub |
| | Cloud | | Execution (TA0002) | | Stub |
| | Cloud | | Credential Access (TA0006) | | Stub |
| | | | Execution (TA0002) | | Stub |
| | | | Persistence (TA0003), Execution (TA0002), Privilege Escalation (TA0004), Defense Evasion (TA0005) | | Stub |
| | | | | | Stub |
| | Cloud | | Execution (TA0002) | | Stub |
| | | | | | Stub |
| | | | | | Stub |
| | Cloud | | Exfiltration (TA0010), Persistence (TA0003) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | | | | | Stub |
| | Cloud | | | | Stub |
| | Social Eng. | | Initial Access (TA0001) | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | App Misconfig. | | Execution (TA0002) | | Stub |
| | App Misconfig. | | Initial Access (TA0001) | | Stub |
| | | | Lateral Movement (TA0008) | | Stub |
| | | | | | Stub |
| | | | Initial Access (TA0001) | | Stub |
| | Cloud | | Credential Access (TA0006) | | Stub |
| | Cloud, Network | | Impact (TA0040) | | Stub |
| | Supply Chain | | Initial Access (TA0001) | | Not started |
| | Linux | | Privilege Escalation (TA0004) | | Stub |
| | | | Defense Evasion (TA0005) | | Stub |
| | | | Initial Access (TA0001), Credential Access (TA0006) | | Stub |
| | | | Command and Control (TA0011), Defense Evasion (TA0005) | | Stub |
| | Network | | Defense Evasion (TA0005) | | Stub |
| | Cloud | | Exfiltration (TA0010) | | Stub |
| | | | Initial Access (TA0001), Credential Access (TA0006) | | Stub |
| | | | Privilege Escalation (TA0004) | | Stub |
| | | | | | Stub |
| | Network | Apache server Cryptojacking with Cobalt Strike; Prophet Spider campaign; Andariel exploiting Apache ActiveMQ; GoTitan ActiveMQ campaign; LAPSUS$ campaigns; P2PInfect campaign; 8820 Gang targeting WebLogic; Trigona targeting MSSQL servers; RE#TURGENCE MSSQL Server RansomOp; Mimic used by Trigona operators; Lucifer Botnet targeting Hadoop; C3Pool mining via Confluence vulnerability; z0Miner targeting WebLogic servers; Meson Network cryptojacking campaign; ShadowSyndicate aiohttp exploitation; UNC5174 ScreenConnect and F5 BIG-IP exploitation; RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto; K8s targeted via OpenMetadata exploitation; Kinsing campaigns (2020); Redigo campaign; TargetCompany Abusing MSSQL Servers for Ransomware; Kinsing targeting cloud servers; RedTail Cryptomining campaign; Muhstik campaign; RedJuliett Exploiting VPN and Firewall Vulnerabilities; 8220 Gang Exploiting WebLogic Vulnerabilities for Cryptojacking; CRYSTALRAY: threat actors exploiting OSS tools | Initial Access (TA0001), Privilege Escalation (TA0004) | | Stub |
| | | | | | Stub |
| | | | | | Not started |