T1021.005 VNC Mappings

Adversaries may use Valid Accounts to remotely control machines using Virtual Network Computing (VNC). The adversary may then perform actions as the logged-on user.

VNC is a desktop sharing system that allows users to remotely control another computer’s display by relaying mouse and keyboard inputs over the network. VNC does not necessarily use standard user credentials. Instead, a VNC client and server may be configured with sets of credentials that are used only for VNC connections.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-17 Remote Access Protects T1021.005 VNC
AC-2 Account Management Protects T1021.005 VNC
AC-3 Access Enforcement Protects T1021.005 VNC
AC-4 Information Flow Enforcement Protects T1021.005 VNC
AC-6 Least Privilege Protects T1021.005 VNC
CA-7 Continuous Monitoring Protects T1021.005 VNC
CA-8 Penetration Testing Protects T1021.005 VNC
CM-11 User-installed Software Protects T1021.005 VNC
CM-2 Baseline Configuration Protects T1021.005 VNC
CM-3 Configuration Change Control Protects T1021.005 VNC
CM-5 Access Restrictions for Change Protects T1021.005 VNC
CM-6 Configuration Settings Protects T1021.005 VNC
CM-7 Least Functionality Protects T1021.005 VNC
CM-8 System Component Inventory Protects T1021.005 VNC
IA-2 Identification and Authentication (organizational Users) Protects T1021.005 VNC
IA-4 Identifier Management Protects T1021.005 VNC
IA-6 Authentication Feedback Protects T1021.005 VNC
RA-5 Vulnerability Monitoring and Scanning Protects T1021.005 VNC
SC-7 Boundary Protection Protects T1021.005 VNC
SI-10 Information Input Validation Protects T1021.005 VNC
SI-15 Information Output Filtering Protects T1021.005 VNC
SI-3 Malicious Code Protection Protects T1021.005 VNC
SI-4 System Monitoring Protects T1021.005 VNC
network_security_groups Network Security Groups technique_scores T1021.005 VNC
azure_network_traffic_analytics Azure Network Traffic Analytics technique_scores T1021.005 VNC