T1562 Impair Defenses Mappings

Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may also span both native defenses as well as supplemental capabilities installed by users and administrators.

Adversaries could also target event aggregation and analysis mechanisms, or otherwise disrupt these procedures by altering other system components.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1562 Impair Defenses
AC-3 Access Enforcement Protects T1562 Impair Defenses
AC-5 Separation of Duties Protects T1562 Impair Defenses
AC-6 Least Privilege Protects T1562 Impair Defenses
CA-7 Continuous Monitoring Protects T1562 Impair Defenses
CA-8 Penetration Testing Protects T1562 Impair Defenses
CM-2 Baseline Configuration Protects T1562 Impair Defenses
CM-5 Access Restrictions for Change Protects T1562 Impair Defenses
CM-6 Configuration Settings Protects T1562 Impair Defenses
CM-7 Least Functionality Protects T1562 Impair Defenses
IA-2 Identification and Authentication (organizational Users) Protects T1562 Impair Defenses
IA-4 Identifier Management Protects T1562 Impair Defenses
RA-5 Vulnerability Monitoring and Scanning Protects T1562 Impair Defenses
SI-3 Malicious Code Protection Protects T1562 Impair Defenses
SI-4 System Monitoring Protects T1562 Impair Defenses
SI-7 Software, Firmware, and Information Integrity Protects T1562 Impair Defenses
action.hacking.variety.Disable controls Disable or interfere with security controls related-to T1562 Impair Defenses
action.hacking.variety.Evade Defenses Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. related-to T1562 Impair Defenses
action.malware.variety.Disable controls Disable or interfere with security controls related-to T1562 Impair Defenses
action.malware.variety.Evade Defenses Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. related-to T1562 Impair Defenses
action.malware.variety.Modify data Malware which compromises a legitimate file rather than creating new filess related-to T1562 Impair Defenses
action.social.variety.Evade Defenses Modification of the action (rather than the system, as in 'Disable controls') to avoid detection. related-to T1562 Impair Defenses

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1562.009 Safe Mode Boot 13
T1562.002 Disable Windows Event Logging 15
T1562.004 Disable or Modify System Firewall 15
T1562.006 Indicator Blocking 18
T1562.007 Disable or Modify Cloud Firewall 8
T1562.010 Downgrade Attack 4
T1562.003 Impair Command History Logging 6
T1562.001 Disable or Modify Tools 15
T1562.008 Disable Cloud Logs 8