Enum: AttackTacticShortNameEnum
Closed enumeration of all ATT&CK tactic short names (x_mitre_shortname). Short names use lowercase hyphen-separated words and are used as the kill_chain_phases.phase_name value by techniques belonging to a tactic. This enumeration covers short names across all three ATT&CK domains (Enterprise, Mobile, ICS). Some short names appear in multiple domains.
URI: attack:AttackTacticShortNameEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| reconnaissance | None | Enterprise: Adversaries gather information to plan future operations |
| resource-development | None | Enterprise: Adversaries establish resources to support operations |
| initial-access | None | Enterprise / Mobile / ICS: Adversaries gain a foothold in the environment |
| execution | None | Enterprise / Mobile / ICS: Adversaries run malicious code |
| persistence | None | Enterprise / Mobile / ICS: Adversaries maintain their foothold |
| privilege-escalation | None | Enterprise / Mobile / ICS: Adversaries gain higher-level permissions |
| defense-evasion | None | Enterprise / Mobile: Adversaries avoid being detected |
| credential-access | None | Enterprise / Mobile: Adversaries steal account names and passwords |
| discovery | None | Enterprise / Mobile / ICS: Adversaries figure out the environment |
| lateral-movement | None | Enterprise / Mobile / ICS: Adversaries move through the environment |
| collection | None | Enterprise / Mobile / ICS: Adversaries gather data of interest |
| command-and-control | None | Enterprise / Mobile / ICS: Adversaries communicate with compromised systems |
| exfiltration | None | Enterprise / Mobile: Adversaries steal data |
| impact | None | Enterprise / Mobile / ICS: Adversaries manipulate, interrupt, or destroy systems and data |
| evasion | None | Mobile: Adversaries evade analysis and defenses on mobile platforms |
| network-effects | None | Mobile (legacy): Adversaries intercept or manipulate network traffic |
| remote-service-effects | None | Mobile (legacy): Adversaries control or monitor remote services on mobile devices |
| inhibit-response-function | None | ICS: Adversaries prevent safety mechanisms from responding to events |
| impair-process-control | None | ICS: Adversaries manipulate physical control processes |
Slots
| Name | Description |
|---|---|
| x_mitre_shortname | The machine-readable short identifier for an ATT&CK tactic |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
LinkML Source
```yaml
name: AttackTacticShortNameEnum
description: Closed enumeration of all ATT&CK tactic short names (x_mitre_shortname).
  Short names use lowercase hyphen-separated words and are used as the kill_chain_phases.phase_name
  value by techniques belonging to a tactic. This enumeration covers short names across
  all three ATT&CK domains (Enterprise, Mobile, ICS). Some short names appear in multiple
  domains.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
permissible_values:
  reconnaissance:
    text: reconnaissance
    description: 'Enterprise: Adversaries gather information to plan future operations.'
  resource-development:
    text: resource-development
    description: 'Enterprise: Adversaries establish resources to support operations.'
  initial-access:
    text: initial-access
    description: 'Enterprise / Mobile / ICS: Adversaries gain a foothold in the environment.'
  execution:
    text: execution
    description: 'Enterprise / Mobile / ICS: Adversaries run malicious code.'
  persistence:
    text: persistence
    description: 'Enterprise / Mobile / ICS: Adversaries maintain their foothold.'
  privilege-escalation:
    text: privilege-escalation
    description: 'Enterprise / Mobile / ICS: Adversaries gain higher-level permissions.'
  defense-evasion:
    text: defense-evasion
    description: 'Enterprise / Mobile: Adversaries avoid being detected.'
  credential-access:
    text: credential-access
    description: 'Enterprise / Mobile: Adversaries steal account names and passwords.'
  discovery:
    text: discovery
    description: 'Enterprise / Mobile / ICS: Adversaries figure out the environment.'
  lateral-movement:
    text: lateral-movement
    description: 'Enterprise / Mobile / ICS: Adversaries move through the environment.'
  collection:
    text: collection
    description: 'Enterprise / Mobile / ICS: Adversaries gather data of interest.'
  command-and-control:
    text: command-and-control
    description: 'Enterprise / Mobile / ICS: Adversaries communicate with compromised
      systems.'
  exfiltration:
    text: exfiltration
    description: 'Enterprise / Mobile: Adversaries steal data.'
  impact:
    text: impact
    description: 'Enterprise / Mobile / ICS: Adversaries manipulate, interrupt, or
      destroy systems and data.'
  evasion:
    text: evasion
    description: 'Mobile: Adversaries evade analysis and defenses on mobile platforms.'
  network-effects:
    text: network-effects
    description: 'Mobile (legacy): Adversaries intercept or manipulate network traffic.'
  remote-service-effects:
    text: remote-service-effects
    description: 'Mobile (legacy): Adversaries control or monitor remote services
      on mobile devices.'
  inhibit-response-function:
    text: inhibit-response-function
    description: 'ICS: Adversaries prevent safety mechanisms from responding to events.'
  impair-process-control:
    text: impair-process-control
    description: 'ICS: Adversaries manipulate physical control processes.'
```