Home
ATT&CK Techniques
T1562.001 Disable or Modify Tools

T1562.001 Disable or Modify Tools Mappings

Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-2	Account Management	Protects	T1562.001	Disable or Modify Tools
AC-3	Access Enforcement	Protects	T1562.001	Disable or Modify Tools
AC-5	Separation of Duties	Protects	T1562.001	Disable or Modify Tools
AC-6	Least Privilege	Protects	T1562.001	Disable or Modify Tools
CA-7	Continuous Monitoring	Protects	T1562.001	Disable or Modify Tools
CM-2	Baseline Configuration	Protects	T1562.001	Disable or Modify Tools
CM-5	Access Restrictions for Change	Protects	T1562.001	Disable or Modify Tools
CM-6	Configuration Settings	Protects	T1562.001	Disable or Modify Tools
CM-7	Least Functionality	Protects	T1562.001	Disable or Modify Tools
IA-2	Identification and Authentication (organizational Users)	Protects	T1562.001	Disable or Modify Tools
SI-3	Malicious Code Protection	Protects	T1562.001	Disable or Modify Tools
SI-4	System Monitoring	Protects	T1562.001	Disable or Modify Tools
SI-7	Software, Firmware, and Information Integrity	Protects	T1562.001	Disable or Modify Tools
action.malware.variety.Disable controls	Disable or interfere with security controls	related-to	T1562.001	Impair Defenses: Disable or Modify Tools
aws_config	AWS Config	technique_scores	T1562.001	Disable or Modify Tools
amazon_guardduty	Amazon GuardDuty	technique_scores	T1562.001	Disable or Modify Tools
amazon_inspector	Amazon Inspector	technique_scores	T1562.001	Disable or Modify Tools
aws_security_hub	AWS Security Hub	technique_scores	T1562.001	Disable or Modify Tools