Tactics represent the "why" of an ATT&CK technique or sub-technique. A tactic is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.

| ID | Name | Description | 
|---|---|---|
| TA0027 | Initial Access | The adversary is trying to get into your device. | 
| TA0041 | Execution | The adversary is trying to run malicious code. | 
| TA0028 | Persistence | The adversary is trying to maintain their foothold. | 
| TA0029 | Privilege Escalation | The adversary is trying to gain higher-level permissions. | 
| TA0030 | Defense Evasion | The adversary is trying to avoid being detected. | 
| TA0031 | Credential Access | The adversary is trying to steal account names, passwords, or other secrets that enable access to resources. | 
| TA0032 | Discovery | The adversary is trying to figure out your environment. | 
| TA0033 | Lateral Movement | The adversary is trying to move through your environment. | 
| TA0035 | Collection | The adversary is trying to gather data of interest to their goal. | 
| TA0037 | Command and Control | The adversary is trying to communicate with compromised devices to control them. | 
| TA0036 | Exfiltration | The adversary is trying to steal data. | 
| TA0034 | Impact | The adversary is trying to manipulate, interrupt, or destroy your devices and data. | 
| TA0038 | Network Effects | The adversary is trying to intercept or manipulate network traffic to or from a device. | 
| TA0039 | Remote Service Effects | The adversary is trying to control or monitor the device using remote services. |