T1204.001 Malicious Link Mappings

An adversary may rely upon a user clicking a malicious link in order to gain execution. Users may be subjected to social engineering to get them to click on a link that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Link. Clicking on a link may also lead to other execution techniques such as exploitation of a browser or application vulnerability via Exploitation for Client Execution. Links may also lead users to download files that require execution via Malicious File.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-04 Information Flow Enforcement Protects T1204.001 Malicious Link
CA-07 Continuous Monitoring Protects T1204.001 Malicious Link
CM-02 Baseline Configuration Protects T1204.001 Malicious Link
CM-06 Configuration Settings Protects T1204.001 Malicious Link
CM-07 Least Functionality Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-07 Boundary Protection Protects T1204.001 Malicious Link
SI-02 Flaw Remediation Protects T1204.001 Malicious Link
SI-03 Malicious Code Protection Protects T1204.001 Malicious Link
SI-04 System Monitoring Protects T1204.001 Malicious Link
SI-08 Spam Protection Protects T1204.001 Malicious Link
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1204.001 Malicious Link
DEF-SecScore-E3 Secure Score Technique Scores T1204.001 Malicious Link
DO365-SL-E3 Safe Links Technique Scores T1204.001 Malicious Link
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1204.001 Malicious Link
DO365-PSP-E3 Preset Security Policies Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1204.001 Malicious Link
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1204.001 Malicious Link