All Clusters
All Tactics
All Platforms
Loading database...
Summary
698
Total Techniques
222 parent + 476 sub-techniques
604
In-Scope (Mapped)
Mapped to TLCTC clusters
94
Out-of-Scope (N/A)
Reconnaissance & Resource Development
100%
Mapping Coverage
All techniques have mapping arguments
Key Mapping Decisions Applied
| Tactic | Primary Cluster(s) | Rationale |
|---|---|---|
| Reconnaissance | N/A | Pre-attack, outside TLCTC scope |
| Resource Development | N/A | Pre-attack infrastructure preparation |
| Initial Access | #2, #4, #8, #9, #10 |
Depends on entry vector (exploit, creds, physical, social, supply chain) |
| Execution | #1 → #7 |
Function abuse enables FEC execution (per R-EXEC) |
| Persistence | #1 → #7 |
System config abuse + malware deployment |
| Privilege Escalation | #1, #1 → #7 |
Function abuse with optional FEC |
| Defense Evasion | #1, #7, #1 → #7 |
Function abuse or malware features |
| Credential Access | #1 → #4, #4, #1 or #7 |
Acquisition via various means, application = #4 (per R-CRED) |
| Discovery | #1 |
Using designed functionality for enumeration (per R-ABUSE) |
| Lateral Movement | #4 → #1 |
Identity theft + function abuse |
| Collection | #1 |
Legitimate function abuse for data gathering |
| Command and Control | #7 |
Malware communication features |
| Exfiltration | #1 or #7 |
Function abuse or malware capabilities |
| Impact | #6, #7, #1 |
Flooding, malware, or function abuse |