T1204.001 Malicious Link Mappings

An adversary may rely upon a user clicking a malicious link in order to gain execution. Users may be subjected to social engineering to get them to click on a link that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Link. Clicking on a link may also lead to other execution techniques such as exploitation of a browser or application vulnerability via Exploitation for Client Execution. Links may also lead users to download files that require execution via Malicious File.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1204.001 Malicious Link
CA-7 Continuous Monitoring Protects T1204.001 Malicious Link
CM-2 Baseline Configuration Protects T1204.001 Malicious Link
CM-6 Configuration Settings Protects T1204.001 Malicious Link
CM-7 Least Functionality Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-7 Boundary Protection Protects T1204.001 Malicious Link
SI-2 Flaw Remediation Protects T1204.001 Malicious Link
SI-3 Malicious Code Protection Protects T1204.001 Malicious Link
SI-4 System Monitoring Protects T1204.001 Malicious Link
SI-8 Spam Protection Protects T1204.001 Malicious Link
action.malware.variety.Downloader Downloader (pull updates or other malware) related-to T1204.001 User Execution: Malicious Link
action.malware.variety.Unknown Unknown related-to T1204.001 User Execution: Malicious Link
action.malware.vector.Email link Email via embedded link. Child of 'Email' related-to T1204.001 User Execution: Malicious Link
action.social.variety.Phishing Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. related-to T1204.001 User Execution: Malicious Link
action.social.vector.Email Email related-to T1204.001 User Execution: Malicious Link
action.social.vector.Social media Social media or networking related-to T1204.001 User Execution: Malicious Link