T1562.001 Disable or Modify Tools Mappings

Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-2 | Account Management | Protects | T1562.001 | Disable or Modify Tools |
| AC-3 | Access Enforcement | Protects | T1562.001 | Disable or Modify Tools |
| AC-5 | Separation of Duties | Protects | T1562.001 | Disable or Modify Tools |
| AC-6 | Least Privilege | Protects | T1562.001 | Disable or Modify Tools |
| CA-7 | Continuous Monitoring | Protects | T1562.001 | Disable or Modify Tools |
| CM-2 | Baseline Configuration | Protects | T1562.001 | Disable or Modify Tools |
| CM-5 | Access Restrictions for Change | Protects | T1562.001 | Disable or Modify Tools |
| CM-6 | Configuration Settings | Protects | T1562.001 | Disable or Modify Tools |
| CM-7 | Least Functionality | Protects | T1562.001 | Disable or Modify Tools |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1562.001 | Disable or Modify Tools |
| SI-3 | Malicious Code Protection | Protects | T1562.001 | Disable or Modify Tools |
| SI-4 | System Monitoring | Protects | T1562.001 | Disable or Modify Tools |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1562.001 | Disable or Modify Tools |
| action.malware.variety.Disable controls | Disable or interfere with security controls | related-to | T1562.001 | Impair Defenses: Disable or Modify Tools |
| aws_config | AWS Config | technique_scores | T1562.001 | Disable or Modify Tools |
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1562.001 | Disable or Modify Tools |
| amazon_inspector | Amazon Inspector | technique_scores | T1562.001 | Disable or Modify Tools |
| aws_security_hub | AWS Security Hub | technique_scores | T1562.001 | Disable or Modify Tools |