Sub-technique
Definition
A finer-grained variation of a technique, identified with a decimal suffix such as T1059.001 for PowerShell under the Command and Scripting Interpreter technique. Sub-techniques allow analysts to be precise about which specific method was used.
Related terms
- ATT&CK Navigator
  - A free, browser-based visualisation tool from MITRE that renders the ATT&CK matrix as an interactive heat map. Teams use it to annotate...
- Tactic
  - The adversary's high-level objective at a given stage of the attack: for example, Initial Access, Execution, Persistence, Privilege Escalation, or Exfiltration. ATT&CK...
- Technique
  - A specific method an adversary uses to achieve a tactic. Each technique has a unique identifier such as T1059 (Command and Scripting...
- Threat group profile
  - An ATT&CK entry for a named threat actor, listing the techniques attributed to that group based on public reporting. Analysts use group...
- TTP (Tactics, Techniques, and Procedures)
  - The full description of how an adversary operates. Tactics are goals, techniques are methods, and procedures are the specific implementation details, such...
Explained in
- MITRE ATT&CK in Threat Hunting and Incident Response