mapping_objects: - attack_object_id: T1496.002 attack_object_name: Bandwidth Hijacking capability_description: null capability_group: null capability_id: null comments: no mitiigations in att&ck mapping_type: non_mappable references: [] - attack_object_id: T1496.004 attack_object_name: Cloud Service Hijacking capability_description: null capability_group: null capability_id: null comments: no mitiigations in att&ck mapping_type: non_mappable references: [] - attack_object_id: T1546.017 attack_object_name: Udev Rules capability_description: null capability_group: null capability_id: null comments: No mitigations mapping_type: non_mappable references: [] - attack_object_id: T1650 attack_object_name: Acquire Access capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1566.004 attack_object_name: Spearphishing Voice capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.001 attack_object_name: Domains capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.002 attack_object_name: DNS Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.003 attack_object_name: Virtual Private Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.004 attack_object_name: Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.005 attack_object_name: Botnet capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.006 attack_object_name: Web Services capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.007 attack_object_name: Serverless capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583.008 attack_object_name: Malvertising capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584 attack_object_name: Compromise Infrastructure capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.001 attack_object_name: Domains capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.002 attack_object_name: DNS Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.003 attack_object_name: Virtual Private Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.004 attack_object_name: Server capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.005 attack_object_name: Botnet capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.006 attack_object_name: Web Services capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.007 attack_object_name: Serverless capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1584.008 attack_object_name: Network Devices capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1585 attack_object_name: Establish Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1585.001 attack_object_name: Social Media Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1585.002 attack_object_name: Email Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1585.003 attack_object_name: Cloud Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1586 attack_object_name: Compromise Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1586.001 attack_object_name: Social Media Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588 attack_object_name: Obtain Capabilities capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.001 attack_object_name: Malware capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1589 attack_object_name: Gather Victim Identity Information capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1589.001 attack_object_name: Credentials capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1589.002 attack_object_name: Email Addresses capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1589.003 attack_object_name: Employee Names capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590 attack_object_name: Gather Victim Network Information capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590.001 attack_object_name: Domain Properties capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590.003 attack_object_name: Network Trust Dependencies capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590.004 attack_object_name: Network Topology capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590.005 attack_object_name: IP Addresses capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1590.006 attack_object_name: Network Security Appliances capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1591 attack_object_name: Gather Victim Org Information capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1591.001 attack_object_name: Determine Physical Locations capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1591.002 attack_object_name: Business Relationships capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1591.003 attack_object_name: Identify Business Tempo capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1591.004 attack_object_name: Identify Roles capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1592 attack_object_name: Gather Victim Host Information capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1592.002 attack_object_name: Software capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1592.003 attack_object_name: Firmware capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1592.004 attack_object_name: Client Configurations capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1593.001 attack_object_name: Social Media capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1593.002 attack_object_name: Search Engines capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1594 attack_object_name: Search Victim-Owned Websites capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1595 attack_object_name: Active Scanning capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1595.001 attack_object_name: Scanning IP Blocks capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1595.002 attack_object_name: Vulnerability Scanning capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596 attack_object_name: Search Open Technical Databases capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596.001 attack_object_name: DNS/Passive DNS capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596.003 attack_object_name: Digital Certificates capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596.004 attack_object_name: CDNs capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1597 attack_object_name: Search Closed Sources capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1597.001 attack_object_name: Threat Intel Vendors capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1597.002 attack_object_name: Purchase Technical Data capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1598.004 attack_object_name: Spearphishing Voice capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608 attack_object_name: Stage Capabilities capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.002 attack_object_name: Upload Tool capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.003 attack_object_name: Install Digital Certificate capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.004 attack_object_name: Drive-by Target capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.005 attack_object_name: Link Target capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.006 attack_object_name: SEO Poisoning capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1652 attack_object_name: Device Driver Discovery capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1656 attack_object_name: Impersonation capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1583 attack_object_name: Acquire Infrastructure capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1564.011 attack_object_name: Ignore Process Interrupts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.007 attack_object_name: Artificial Intelligence capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1592.001 attack_object_name: Hardware capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596.005 attack_object_name: Scan Databases capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1608.001 attack_object_name: Upload Malware capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1016.002 attack_object_name: Wi-Fi Discovery capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1665 attack_object_name: Hide Infrastructure capability_description: null capability_group: null capability_id: null comments: No mitigations in ATT&CK mapping_type: non_mappable references: [] - attack_object_id: T1036.009 attack_object_name: Break Process Trees capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1480.002 attack_object_name: Mutual Exclusion capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1496 attack_object_name: Resource Hijacking capability_description: null capability_group: null capability_id: null comments: no mitiigations in att&ck mapping_type: non_mappable references: [] - attack_object_id: T1496.001 attack_object_name: Compute Hijacking capability_description: null capability_group: null capability_id: null comments: no mitiigations in att&ck mapping_type: non_mappable references: [] - attack_object_id: T1586.002 attack_object_name: Email Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1586.003 attack_object_name: Cloud Accounts capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1587 attack_object_name: Develop Capabilities capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1587.001 attack_object_name: Malware capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1587.002 attack_object_name: Code Signing Certificates capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1587.003 attack_object_name: Digital Certificates capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1587.004 attack_object_name: Exploits capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.002 attack_object_name: Tool capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.003 attack_object_name: Code Signing Certificates capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.004 attack_object_name: Digital Certificates capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.005 attack_object_name: Exploits capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1588.006 attack_object_name: Vulnerabilities capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1596.002 attack_object_name: WHOIS capability_description: null capability_group: null capability_id: null mapping_type: non_mappable references: [] - attack_object_id: T1666 attack_object_name: Modify Cloud Resource Hierarchy capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 comments: Monitoring and reviewing changes to the configuration of the IaaS environment (in this case, the cloud resource hierarchy) allows for the detection and reversal of unauthorized changes to prevent exploitation. mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Account Management capability_group: AC capability_id: AC-02 comments: Control AC-2 (Account Management) contains provisions for the monitoring of accounts for unusual activity and atypical usage as part of a dynamic account management approach. By monitoring these accounts, the system may be able to detect unauthorized changes to the accounts and take the necessary steps, either automatically or by alerting personnel, to remedy and mitigate the issue. mapping_type: mitigates references: [] - attack_object_id: T1496.003 attack_object_name: SMS Pumping capability_description: Denial-of-service Protection capability_group: SC capability_id: SC-05 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1056.002 attack_object_name: GUI Input Capture capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218.011 attack_object_name: Rundll32 capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1555.002 attack_object_name: Securityd Memory capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036.010 attack_object_name: Masquerade Account Name capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1087 attack_object_name: Account Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1087.001 attack_object_name: Local Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1087.002 attack_object_name: Domain Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1216.002 attack_object_name: SyncAppvPublishingServer capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1590.002 attack_object_name: DNS capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1548.005 attack_object_name: Temporary Elevated Cloud Access capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1555.002 attack_object_name: Securityd Memory capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1649 attack_object_name: Steal or Forge Authentication Certificates capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Network Disconnect capability_group: SC capability_id: SC-10 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Network Disconnect capability_group: SC capability_id: SC-10 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Network Disconnect capability_group: SC capability_id: SC-10 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Public Key Infrastructure Certificates capability_group: SC capability_id: SC-17 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Identity Proofing capability_group: IA capability_id: IA-12 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Identity Proofing capability_group: IA capability_id: IA-12 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Identity Proofing capability_group: IA capability_id: IA-12 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1606.002 attack_object_name: SAML Tokens capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1649 attack_object_name: Steal or Forge Authentication Certificates capability_description: Identity Providers and Authorization Servers capability_group: IA capability_id: IA-13 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Developer-provided Training capability_group: SA capability_id: SA-16 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Control Assessments capability_group: CA capability_id: CA-02 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Control Assessments capability_group: CA capability_id: CA-02 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Control Assessments capability_group: CA capability_id: CA-02 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Heterogeneity capability_group: SC capability_id: SC-29 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Heterogeneity capability_group: SC capability_id: SC-29 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Information Sharing capability_group: AC capability_id: AC-21 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Information Sharing capability_group: AC capability_id: AC-21 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Information Sharing capability_group: AC capability_id: AC-21 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Information Sharing capability_group: AC capability_id: AC-21 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Information Sharing capability_group: AC capability_id: AC-21 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Cryptographic Protection capability_group: SC capability_id: SC-13 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Wireless Link Protection capability_group: SC capability_id: SC-40 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.005 attack_object_name: Publish/Subscribe Protocols capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1521.003 attack_object_name: SSL Pinning capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Transmission of Security and Privacy Attributes capability_group: SC capability_id: SC-16 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Developer-provided Training capability_group: SA capability_id: SA-16 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1590.002 attack_object_name: DNS capability_description: Information System Partitioning capability_group: SC capability_id: SC-32 mapping_type: mitigates references: [] - attack_object_id: T1590.002 attack_object_name: DNS capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1560 attack_object_name: Archive Collected Data capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Usage Restrictions capability_group: SC capability_id: SC-43 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Usage Restrictions capability_group: SC capability_id: SC-43 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Usage Restrictions capability_group: SC capability_id: SC-43 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.011 attack_object_name: Rundll32 capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1564.003 attack_object_name: Hidden Window capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.013 attack_object_name: Encrypted/Encoded File capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 comments: Encrypted/encoded malware is designed to hide its true purpose from an observer, meaning that signature-based methods of detection may fail. Incorporating alternative detection methods as noted in control SI-03 can provide additional avenues to detect these obfuscated malware and protect against the damage they can cause. mapping_type: mitigates references: [] - attack_object_id: T1027.014 attack_object_name: Polymorphic Code capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 comments: As polymorphic code is difficult to detect via signature-based means, non-signature-based means, pointed out in this control, should be implemented for detection. Additionally, endpoint-level fortifications should be taken to prevent the malware from inflicting damage on systems. mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.015 attack_object_name: ListPlanting capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1056.002 attack_object_name: GUI Input Capture capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.010 attack_object_name: Relocate Malware capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1560 attack_object_name: Archive Collected Data capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1564.012 attack_object_name: File/Path Exclusions capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1056.002 attack_object_name: GUI Input Capture capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.010 attack_object_name: Relocate Malware capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1216.002 attack_object_name: SyncAppvPublishingServer capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.011 attack_object_name: Rundll32 capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.003 attack_object_name: Hidden Window capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Permitted Actions Without Identification or Authentication capability_group: AC capability_id: AC-14 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1578.005 attack_object_name: Modify Cloud Compute Configurations capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1560 attack_object_name: Archive Collected Data capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1001 attack_object_name: Data Obfuscation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1216.002 attack_object_name: SyncAppvPublishingServer capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1554 attack_object_name: Compromise Host Software Binary capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1036.010 attack_object_name: Masquerade Account Name capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543.005 attack_object_name: Container Service capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1649 attack_object_name: Steal or Forge Authentication Certificates capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1087 attack_object_name: Account Discovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1087.001 attack_object_name: Local Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1087.002 attack_object_name: Domain Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1216.002 attack_object_name: SyncAppvPublishingServer capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1564.003 attack_object_name: Hidden Window capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1590.002 attack_object_name: DNS capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.011 attack_object_name: Fileless Storage capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.010 attack_object_name: Masquerade Account Name capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1040 attack_object_name: Network Sniffing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1056.002 attack_object_name: GUI Input Capture capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.010 attack_object_name: Relocate Malware capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071.005 attack_object_name: Publish/Subscribe Protocols capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1087 attack_object_name: Account Discovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1087.001 attack_object_name: Local Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1087.002 attack_object_name: Domain Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1092 attack_object_name: Communication Through Removable Media capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1119 attack_object_name: Automated Collection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1127.002 attack_object_name: ClickOnce capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1195.001 attack_object_name: Compromise Software Dependencies and Development Tools capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.011 attack_object_name: Rundll32 capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1550.001 attack_object_name: Application Access Token capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1555.002 attack_object_name: Securityd Memory capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1560 attack_object_name: Archive Collected Data capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.001 attack_object_name: DLL Search Order Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003 attack_object_name: OS Credential Dumping capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.001 attack_object_name: LSASS Memory capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.005 attack_object_name: Cached Domain Credentials capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.007 attack_object_name: Proc Filesystem capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021 attack_object_name: Remote Services capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1027 attack_object_name: Obfuscated Files or Information capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1036 attack_object_name: Masquerading capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1036.010 attack_object_name: Masquerade Account Name capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1036.010 attack_object_name: Masquerade Account Name capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1037 attack_object_name: Boot or Logon Initialization Scripts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1047 attack_object_name: Windows Management Instrumentation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053 attack_object_name: Scheduled Task/Job capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053.002 attack_object_name: At capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053.005 attack_object_name: Scheduled Task capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1059 attack_object_name: Command and Scripting Interpreter capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.010 attack_object_name: AutoHotKey & AutoIT capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.011 attack_object_name: Lua capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.001 attack_object_name: Clear Windows Event Logs capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.003 attack_object_name: Clear Command History capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1071.005 attack_object_name: Publish/Subscribe Protocols capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1078.001 attack_object_name: Default Accounts capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1078.003 attack_object_name: Local Accounts capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078.004 attack_object_name: Cloud Accounts capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1087 attack_object_name: Account Discovery capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.002 attack_object_name: Additional Email Delegate Permissions capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.003 attack_object_name: Additional Cloud Roles capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.005 attack_object_name: Device Registration capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.007 attack_object_name: Additional Local or Domain Groups capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1110 attack_object_name: Brute Force capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1114.002 attack_object_name: Remote Email Collection capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1134.001 attack_object_name: Token Impersonation/Theft capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1134.003 attack_object_name: Make and Impersonate Token capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Concurrent Session Control capability_group: AC capability_id: AC-10 mapping_type: mitigates references: [] - attack_object_id: T1137.002 attack_object_name: Office Test capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1213.003 attack_object_name: Code Repositories capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1213.004 attack_object_name: Customer Relationship Management Software capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1484 attack_object_name: Domain or Tenant Policy Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1485 attack_object_name: Data Destruction capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1485.001 attack_object_name: Lifecycle-Triggered Deletion capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1490 attack_object_name: Inhibit System Recovery capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1505.003 attack_object_name: Web Shell capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Concurrent Session Control capability_group: AC capability_id: AC-10 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1528 attack_object_name: Steal Application Access Token capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1539 attack_object_name: Steal Web Session Cookie capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543.003 attack_object_name: Windows Service capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543.005 attack_object_name: Container Service capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543.005 attack_object_name: Container Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543.005 attack_object_name: Container Service capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543.005 attack_object_name: Container Service capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1546.003 attack_object_name: Windows Management Instrumentation Event Subscription capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546.016 attack_object_name: Installer Packages capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1547.003 attack_object_name: Time Providers capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1547.004 attack_object_name: Winlogon Helper DLL capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1547.009 attack_object_name: Shortcut Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1548.005 attack_object_name: Temporary Elevated Cloud Access capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1548.005 attack_object_name: Temporary Elevated Cloud Access capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1548.005 attack_object_name: Temporary Elevated Cloud Access capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1548.006 attack_object_name: TCC Manipulation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1550 attack_object_name: Use Alternate Authentication Material capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1555.002 attack_object_name: Securityd Memory capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1555.002 attack_object_name: Securityd Memory capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1555.005 attack_object_name: Password Managers capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556 attack_object_name: Modify Authentication Process capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.001 attack_object_name: Domain Controller Authentication capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.006 attack_object_name: Multi-Factor Authentication capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.007 attack_object_name: Hybrid Identity capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556.009 attack_object_name: Conditional Access Policies capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1558 attack_object_name: Steal or Forge Kerberos Tickets capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1558.005 attack_object_name: Ccache Files capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562 attack_object_name: Impair Defenses capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.004 attack_object_name: Disable or Modify System Firewall capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.006 attack_object_name: Indicator Blocking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.007 attack_object_name: Disable or Modify Cloud Firewall capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1564.004 attack_object_name: NTFS File Attributes capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.014 attack_object_name: AppDomainManager capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578.005 attack_object_name: Modify Cloud Compute Configurations capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578.005 attack_object_name: Modify Cloud Compute Configurations capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1578.005 attack_object_name: Modify Cloud Compute Configurations capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1590.002 attack_object_name: DNS capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1606.002 attack_object_name: SAML Tokens capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1606.002 attack_object_name: SAML Tokens capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1606.002 attack_object_name: SAML Tokens capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1621 attack_object_name: Multi-Factor Authentication Request Generation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1651 attack_object_name: Cloud Administration Command capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1654 attack_object_name: Log Enumeration capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1654 attack_object_name: Log Enumeration capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1654 attack_object_name: Log Enumeration capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1654 attack_object_name: Log Enumeration capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1657 attack_object_name: Financial Theft capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1657 attack_object_name: Financial Theft capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1001.001 attack_object_name: Junk Data capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1001.003 attack_object_name: Protocol or Service Impersonation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1020.001 attack_object_name: Traffic Duplication capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071 attack_object_name: Application Layer Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.002 attack_object_name: File Transfer Protocols capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.003 attack_object_name: Mail Protocols capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.005 attack_object_name: Publish/Subscribe Protocols capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1072 attack_object_name: Software Deployment Tools capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1078 attack_object_name: Valid Accounts capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1090.003 attack_object_name: Multi-hop Proxy capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1098 attack_object_name: Account Manipulation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1098.001 attack_object_name: Additional Cloud Credentials capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1102 attack_object_name: Web Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1105 attack_object_name: Ingress Tool Transfer capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1114 attack_object_name: Email Collection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1114.003 attack_object_name: Email Forwarding Rule capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1136 attack_object_name: Create Account capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1136.002 attack_object_name: Domain Account capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1136.003 attack_object_name: Cloud Account capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1190 attack_object_name: Exploit Public-Facing Application capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1203 attack_object_name: Exploitation for Client Execution capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1204 attack_object_name: User Execution capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1204.002 attack_object_name: Malicious File capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1218 attack_object_name: System Binary Proxy Execution capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1218.015 attack_object_name: Electron Applications capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1219 attack_object_name: Remote Access Software capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1489 attack_object_name: Service Stop capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1530 attack_object_name: Data from Cloud Storage capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1537 attack_object_name: Transfer Data to Cloud Account capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1552 attack_object_name: Unsecured Credentials capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1552.001 attack_object_name: Credentials In Files capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1552.004 attack_object_name: Private Keys capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1557 attack_object_name: Adversary-in-the-Middle capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1557.004 attack_object_name: Evil Twin capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1560 attack_object_name: Archive Collected Data capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1563 attack_object_name: Remote Service Session Hijacking capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1565 attack_object_name: Data Manipulation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1566 attack_object_name: Phishing capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1566.001 attack_object_name: Spearphishing Attachment capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1566.002 attack_object_name: Spearphishing Link capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1566.003 attack_object_name: Spearphishing via Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1572 attack_object_name: Protocol Tunneling capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1573 attack_object_name: Encrypted Channel capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1598.003 attack_object_name: Spearphishing Link capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1610 attack_object_name: Deploy Container capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1611 attack_object_name: Escape to Host capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1648 attack_object_name: Serverless Execution capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1059.006 attack_object_name: Python capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1176 attack_object_name: Browser Extensions capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1195 attack_object_name: Supply Chain Compromise capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1213 attack_object_name: Data from Information Repositories capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1213.001 attack_object_name: Confluence capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1213.002 attack_object_name: Sharepoint capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1213.005 attack_object_name: Messaging Applications capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1542 attack_object_name: Pre-OS Boot capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1542.001 attack_object_name: System Firmware capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1543 attack_object_name: Create or Modify System Process capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1543.002 attack_object_name: Systemd Service capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1546 attack_object_name: Event Triggered Execution capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1548 attack_object_name: Abuse Elevation Control Mechanism capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1553 attack_object_name: Subvert Trust Controls capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1555 attack_object_name: Credentials from Password Stores capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1578.005 attack_object_name: Modify Cloud Compute Configurations capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1201 attack_object_name: Password Policy Discovery capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218.010 attack_object_name: Regsvr32 capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1555.001 attack_object_name: Keychain capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1564.010 attack_object_name: Process Argument Spoofing capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Continuous Monitoring capability_group: CA capability_id: CA-07 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1011 attack_object_name: Exfiltration Over Other Network Medium capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1027.010 attack_object_name: Command Obfuscation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036.001 attack_object_name: Invalid Code Signature capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1127.001 attack_object_name: MSBuild capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1135 attack_object_name: Network Share Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1201 attack_object_name: Password Policy Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.002 attack_object_name: Authentication Package capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.005 attack_object_name: Security Support Provider capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548.001 attack_object_name: Setuid and Setgid capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.003 attack_object_name: Bash History capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1555.004 attack_object_name: Windows Credential Manager capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.002 attack_object_name: Password Filter DLL capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.003 attack_object_name: Impair Command History Logging capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.011 attack_object_name: Spoof Security Alerting capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1564.002 attack_object_name: Hidden Users capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1564.007 attack_object_name: VBA Stomping capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.006 attack_object_name: Dynamic Linker Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Configuration Settings capability_group: CM capability_id: CM-06 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.011 attack_object_name: Spoof Security Alerting capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574.011 attack_object_name: Services Registry Permissions Weakness capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Access Restrictions for Change capability_group: CM capability_id: CM-05 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.006 attack_object_name: Additional Container Cluster Roles capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1555.001 attack_object_name: Keychain capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1555.004 attack_object_name: Windows Credential Manager capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1556.005 attack_object_name: Reversible Encryption capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Authenticator Management capability_group: IA capability_id: IA-05 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Information Location capability_group: CM capability_id: CM-12 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Cryptographic Protection capability_group: SC capability_id: SC-13 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Operations Security capability_group: SC capability_id: SC-38 mapping_type: mitigates references: [] - attack_object_id: T1011 attack_object_name: Exfiltration Over Other Network Medium capability_description: Usage Restrictions capability_group: SC capability_id: SC-43 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1037.001 attack_object_name: Logon Script (Windows) capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1567.003 attack_object_name: Exfiltration to Text Storage Sites capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1567.004 attack_object_name: Exfiltration Over Webhook capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1659 attack_object_name: Content Injection capability_description: Remote Access capability_group: AC capability_id: AC-17 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Information Location capability_group: CM capability_id: CM-12 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Operations Security capability_group: SC capability_id: SC-38 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Port and I/O Device Access capability_group: SC capability_id: SC-41 mapping_type: mitigates references: [] - attack_object_id: T1036.001 attack_object_name: Invalid Code Signature capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Service Identification and Authentication capability_group: IA capability_id: IA-09 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Identification and Authentication (Non-Organizational Users) capability_group: IA capability_id: IA-08 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Security Alerts, Advisories, and Directives capability_group: SI capability_id: SI-05 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Alternate Processing Site capability_group: CP capability_id: CP-07 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Network Disconnect capability_group: SC capability_id: SC-10 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Network Disconnect capability_group: SC capability_id: SC-10 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Developer Configuration Management capability_group: SA capability_id: SA-10 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Identity Proofing capability_group: IA capability_id: IA-12 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Re-authentication capability_group: IA capability_id: IA-11 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Heterogeneity capability_group: SC capability_id: SC-29 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Cryptographic Module Authentication capability_group: IA capability_id: IA-07 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1200 attack_object_name: Hardware Additions capability_description: Media Use capability_group: MP capability_id: MP-07 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Port and I/O Device Access capability_group: SC capability_id: SC-41 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Port and I/O Device Access capability_group: SC capability_id: SC-41 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Port and I/O Device Access capability_group: SC capability_id: SC-41 mapping_type: mitigates references: [] - attack_object_id: T1200 attack_object_name: Hardware Additions capability_description: Port and I/O Device Access capability_group: SC capability_id: SC-41 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Control Assessments capability_group: CA capability_id: CA-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Control Assessments capability_group: CA capability_id: CA-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Decoys capability_group: SC capability_id: SC-26 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: External Malicious Code Identification capability_group: SC capability_id: SC-35 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Heterogeneity capability_group: SC capability_id: SC-29 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Heterogeneity capability_group: SC capability_id: SC-29 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Threat Hunting capability_group: RA capability_id: RA-10 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Decoys capability_group: SC capability_id: SC-26 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Decoys capability_group: SC capability_id: SC-26 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Concealment and Misdirection capability_group: SC capability_id: SC-30 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: External Malicious Code Identification capability_group: SC capability_id: SC-35 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: External Malicious Code Identification capability_group: SC capability_id: SC-35 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Security Alerts, Advisories, and Directives capability_group: SI capability_id: SI-05 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Security Alerts, Advisories, and Directives capability_group: SI capability_id: SI-05 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Security Alerts, Advisories, and Directives capability_group: SI capability_id: SI-05 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: System Recovery and Reconstitution capability_group: CP capability_id: CP-10 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Out-of-band Channels capability_group: SC capability_id: SC-37 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Transmission of Security and Privacy Attributes capability_group: SC capability_id: SC-16 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Unsupported System Components capability_group: SA capability_id: SA-22 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Non-persistence capability_group: SI capability_id: SI-14 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Cryptographic Protection capability_group: SC capability_id: SC-13 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Cryptographic Protection capability_group: SC capability_id: SC-13 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Cryptographic Protection capability_group: SC capability_id: SC-13 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Mobile Code capability_group: SC capability_id: SC-18 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Contingency Plan capability_group: CP capability_id: CP-02 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Software Usage Restrictions capability_group: CM capability_id: CM-10 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Resource Availability capability_group: SC capability_id: SC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Alternate Storage Site capability_group: CP capability_id: CP-06 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Distributed Processing and Storage capability_group: SC capability_id: SC-36 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Information Fragmentation capability_group: SI capability_id: SI-23 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: System Backup capability_group: CP capability_id: CP-09 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Data Mining Protection capability_group: AC capability_id: AC-23 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Information Exchange capability_group: CA capability_id: CA-03 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: External System Services capability_group: SA capability_id: SA-09 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Covert Channel Analysis capability_group: SC capability_id: SC-31 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Secure Name/Address Resolution Service (Recursive or Caching Resolver) capability_group: SC capability_id: SC-21 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Architecture and Provisioning for Name/Address Resolution Service capability_group: SC capability_id: SC-22 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: User-installed Software capability_group: CM capability_id: CM-11 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Cryptographic Key Establishment and Management capability_group: SC capability_id: SC-12 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Transmission of Security and Privacy Attributes capability_group: SC capability_id: SC-16 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Transmission of Security and Privacy Attributes capability_group: SC capability_id: SC-16 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Transmission of Security and Privacy Attributes capability_group: SC capability_id: SC-16 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Development Process, Standards, and Tools capability_group: SA capability_id: SA-15 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Developer-provided Training capability_group: SA capability_id: SA-16 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Developer Security and Privacy Architecture and Design capability_group: SA capability_id: SA-17 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: System Development Life Cycle capability_group: SA capability_id: SA-03 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Acquisition Process capability_group: SA capability_id: SA-04 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Authentication Feedback capability_group: IA capability_id: IA-06 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Secure Name/Address Resolution Service (Authoritative Source) capability_group: SC capability_id: SC-20 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Detonation Chambers capability_group: SC capability_id: SC-44 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Spam Protection capability_group: SI capability_id: SI-08 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Criticality Analysis capability_group: RA capability_id: RA-09 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Component Authenticity capability_group: SR capability_id: SR-11 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Provenance capability_group: SR capability_id: SR-04 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Acquisition Strategies, Tools, and Methods capability_group: SR capability_id: SR-05 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Access Control for Mobile Devices capability_group: AC capability_id: AC-19 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Identifier Management capability_group: IA capability_id: IA-04 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1552.003 attack_object_name: Bash History capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Protection of Information at Rest capability_group: SC capability_id: SC-28 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1595.003 attack_object_name: Wordlist Scanning capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Information in Shared System Resources capability_group: SC capability_id: SC-04 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Information Management and Retention capability_group: SI capability_id: SI-12 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Public Key Infrastructure Certificates capability_group: SC capability_id: SC-17 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Separation of System and User Functionality capability_group: SC capability_id: SC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Security Function Isolation capability_group: SC capability_id: SC-03 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Non-modifiable Executable Programs capability_group: SC capability_id: SC-34 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1547.002 attack_object_name: Authentication Package capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1547.005 attack_object_name: Security Support Provider capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Process Isolation capability_group: SC capability_id: SC-39 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Memory Protection capability_group: SI capability_id: SI-16 mapping_type: mitigates references: [] - attack_object_id: T1027.002 attack_object_name: Software Packing capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1027.007 attack_object_name: Dynamic API Resolution capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1027.008 attack_object_name: Stripped Payloads capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1027.009 attack_object_name: Embedded Payloads capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1546.010 attack_object_name: AppInit DLLs capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1546.011 attack_object_name: Application Shimming capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1606.001 attack_object_name: Web Cookies capability_description: Flaw Remediation capability_group: SI capability_id: SI-02 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1127.001 attack_object_name: MSBuild capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1560.001 attack_object_name: Archive via Utility capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Vulnerability Monitoring and Scanning capability_group: RA capability_id: RA-05 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Usage Restrictions capability_group: SC capability_id: SC-43 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Device Identification and Authentication capability_group: IA capability_id: IA-03 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1127.001 attack_object_name: MSBuild capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1564.007 attack_object_name: VBA Stomping capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1593.003 attack_object_name: Code Repositories capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: System Component Inventory capability_group: CM capability_id: CM-08 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1535 attack_object_name: Unused/Unsupported Cloud Regions capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1550.004 attack_object_name: Web Session Cookie capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Session Authenticity capability_group: SC capability_id: SC-23 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Cross Domain Policy Enforcement capability_group: SC capability_id: SC-46 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1090.004 attack_object_name: Domain Fronting capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1550.004 attack_object_name: Web Session Cookie capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Transmission Confidentiality and Integrity capability_group: SC capability_id: SC-08 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1027.010 attack_object_name: Command Obfuscation capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1036.008 attack_object_name: Masquerade File Type capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.010 attack_object_name: Regsvr32 capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1546.009 attack_object_name: AppCert DLLs capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1546.010 attack_object_name: AppInit DLLs capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.006 attack_object_name: Dynamic Linker Hijacking capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Information Input Validation capability_group: SI capability_id: SI-10 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Information Output Filtering capability_group: SI capability_id: SI-15 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.002 attack_object_name: Software Packing capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.007 attack_object_name: Dynamic API Resolution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.008 attack_object_name: Stripped Payloads capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.009 attack_object_name: Embedded Payloads capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.010 attack_object_name: Command Obfuscation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1027.012 attack_object_name: LNK Icon Smuggling capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1036.008 attack_object_name: Masquerade File Type capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1201 attack_object_name: Password Policy Discovery capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.002 attack_object_name: Authentication Package capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.005 attack_object_name: Security Support Provider capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1560.001 attack_object_name: Archive via Utility capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1562.011 attack_object_name: Spoof Security Alerting capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Malicious Code Protection capability_group: SI capability_id: SI-03 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1027.002 attack_object_name: Software Packing capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1027.007 attack_object_name: Dynamic API Resolution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1027.008 attack_object_name: Stripped Payloads capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1027.009 attack_object_name: Embedded Payloads capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1036.001 attack_object_name: Invalid Code Signature capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1112 attack_object_name: Modify Registry capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.010 attack_object_name: Regsvr32 capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.009 attack_object_name: AppCert DLLs capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.010 attack_object_name: AppInit DLLs capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.002 attack_object_name: Authentication Package capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.005 attack_object_name: Security Support Provider capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1550.004 attack_object_name: Web Session Cookie capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.011 attack_object_name: Spoof Security Alerting capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1564.010 attack_object_name: Process Argument Spoofing capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.006 attack_object_name: Dynamic Linker Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Software, Firmware, and Information Integrity capability_group: SI capability_id: SI-07 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1011 attack_object_name: Exfiltration Over Other Network Medium capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1200 attack_object_name: Hardware Additions capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1567.001 attack_object_name: Exfiltration to Code Repository capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1567.002 attack_object_name: Exfiltration to Cloud Storage capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Wireless Access capability_group: AC capability_id: AC-18 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Use of External Systems capability_group: AC capability_id: AC-20 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Security and Privacy Attributes capability_group: AC capability_id: AC-16 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1560.001 attack_object_name: Archive via Utility capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1036.001 attack_object_name: Invalid Code Signature capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1127.001 attack_object_name: MSBuild capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1201 attack_object_name: Password Policy Discovery capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.010 attack_object_name: AppInit DLLs capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1555.004 attack_object_name: Windows Credential Manager capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.003 attack_object_name: Impair Command History Logging capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1564.007 attack_object_name: VBA Stomping capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1653 attack_object_name: Power Settings capability_description: Baseline Configuration capability_group: CM capability_id: CM-02 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1505.001 attack_object_name: SQL Stored Procedures capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Developer Testing and Evaluation capability_group: SA capability_id: SA-11 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1574.002 attack_object_name: DLL Side-Loading capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Security and Privacy Engineering Principles capability_group: SA capability_id: SA-08 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1580 attack_object_name: Cloud Infrastructure Discovery capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Identification and Authentication (Organizational Users) capability_group: IA capability_id: IA-02 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1011 attack_object_name: Exfiltration Over Other Network Medium capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1036.008 attack_object_name: Masquerade File Type capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1037.001 attack_object_name: Logon Script (Windows) capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1112 attack_object_name: Modify Registry capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1135 attack_object_name: Network Share Discovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1195.002 attack_object_name: Compromise Software Supply Chain capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1546.009 attack_object_name: AppCert DLLs capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1546.010 attack_object_name: AppInit DLLs capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1548.001 attack_object_name: Setuid and Setgid capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1552.003 attack_object_name: Bash History capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1555.004 attack_object_name: Windows Credential Manager capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1555.006 attack_object_name: Cloud Secrets Management Stores capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1556.002 attack_object_name: Password Filter DLL capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.003 attack_object_name: Impair Command History Logging capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1564.002 attack_object_name: Hidden Users capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.006 attack_object_name: Dynamic Linker Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1653 attack_object_name: Power Settings capability_description: Least Functionality capability_group: CM capability_id: CM-07 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1011 attack_object_name: Exfiltration Over Other Network Medium capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1011.001 attack_object_name: Exfiltration Over Bluetooth capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.002 attack_object_name: Software Packing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.007 attack_object_name: Dynamic API Resolution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.008 attack_object_name: Stripped Payloads capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.009 attack_object_name: Embedded Payloads capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.010 attack_object_name: Command Obfuscation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1027.012 attack_object_name: LNK Icon Smuggling capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.001 attack_object_name: Invalid Code Signature capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.007 attack_object_name: Double File Extension capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1036.008 attack_object_name: Masquerade File Type capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1111 attack_object_name: Multi-Factor Authentication Interception capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1127 attack_object_name: Trusted Developer Utilities Proxy Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1127.001 attack_object_name: MSBuild capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1129 attack_object_name: Shared Modules capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1135 attack_object_name: Network Share Discovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1201 attack_object_name: Password Policy Discovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1205.002 attack_object_name: Socket Filters capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1216 attack_object_name: System Script Proxy Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1216.001 attack_object_name: PubPrn capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.001 attack_object_name: Compiled HTML File capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.003 attack_object_name: CMSTP capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.004 attack_object_name: InstallUtil capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.005 attack_object_name: Mshta capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.008 attack_object_name: Odbcconf capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.009 attack_object_name: Regsvcs/Regasm capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.010 attack_object_name: Regsvr32 capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.013 attack_object_name: Mavinject capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1218.014 attack_object_name: MMC capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1220 attack_object_name: XSL Script Processing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.002 attack_object_name: Screensaver capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.006 attack_object_name: LC_LOAD_DYLIB Addition capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.008 attack_object_name: Accessibility Features capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1546.014 attack_object_name: Emond capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.002 attack_object_name: Authentication Package capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.005 attack_object_name: Security Support Provider capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.008 attack_object_name: LSASS Driver capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548.001 attack_object_name: Setuid and Setgid capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1548.004 attack_object_name: Elevated Execution with Prompt capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.003 attack_object_name: Bash History capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1552.008 attack_object_name: Chat Messages capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1553.001 attack_object_name: Gatekeeper Bypass capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1553.004 attack_object_name: Install Root Certificate capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1553.005 attack_object_name: Mark-of-the-Web Bypass capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1555.001 attack_object_name: Keychain capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1555.004 attack_object_name: Windows Credential Manager capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.002 attack_object_name: Password Filter DLL capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1559.003 attack_object_name: XPC Services capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1560.001 attack_object_name: Archive via Utility capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.003 attack_object_name: Impair Command History Logging capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.010 attack_object_name: Downgrade Attack capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.011 attack_object_name: Spoof Security Alerting capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.002 attack_object_name: Hidden Users capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.006 attack_object_name: Run Virtual Instance capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.007 attack_object_name: VBA Stomping capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.009 attack_object_name: Resource Forking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1564.010 attack_object_name: Process Argument Spoofing capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1565.002 attack_object_name: Transmitted Data Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1574.013 attack_object_name: KernelCallbackTable capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1653 attack_object_name: Power Settings capability_description: System Monitoring capability_group: SI capability_id: SI-04 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.002 attack_object_name: Security Account Manager capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.003 attack_object_name: NTDS capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.004 attack_object_name: LSA Secrets capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.006 attack_object_name: DCSync capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1003.008 attack_object_name: /etc/passwd and /etc/shadow capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1005 attack_object_name: Data from Local System capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Device Lock capability_group: AC capability_id: AC-11 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.004 attack_object_name: SSH capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.007 attack_object_name: Cloud Services capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1021.008 attack_object_name: Direct Cloud VM Connections capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1025 attack_object_name: Data from Removable Media capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1036.003 attack_object_name: Rename System Utilities capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1036.005 attack_object_name: Match Legitimate Name or Location capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1037.002 attack_object_name: Login Hook capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1037.003 attack_object_name: Network Logon Script capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1037.004 attack_object_name: RC Scripts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1037.005 attack_object_name: Startup Items capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1052 attack_object_name: Exfiltration Over Physical Medium capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1052.001 attack_object_name: Exfiltration over USB capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053.003 attack_object_name: Cron capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053.006 attack_object_name: Systemd Timers capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1053.007 attack_object_name: Container Orchestration Job capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1056.003 attack_object_name: Web Portal Capture capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1059.001 attack_object_name: PowerShell capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.002 attack_object_name: AppleScript capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.003 attack_object_name: Windows Command Shell capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.004 attack_object_name: Unix Shell capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.005 attack_object_name: Visual Basic capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.007 attack_object_name: JavaScript capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1059.008 attack_object_name: Network Device CLI capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1059.009 attack_object_name: Cloud API capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070 attack_object_name: Indicator Removal capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.002 attack_object_name: Clear Linux or Mac System Logs capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.007 attack_object_name: Clear Network Connection History and Configurations capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.008 attack_object_name: Clear Mailbox Data capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1070.009 attack_object_name: Clear Persistence capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1078.002 attack_object_name: Domain Accounts capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1087.004 attack_object_name: Cloud Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1091 attack_object_name: Replication Through Removable Media capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1098.004 attack_object_name: SSH Authorized Keys capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1098.006 attack_object_name: Additional Container Cluster Roles capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1098.006 attack_object_name: Additional Container Cluster Roles capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1098.006 attack_object_name: Additional Container Cluster Roles capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1106 attack_object_name: Native API capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1110.001 attack_object_name: Password Guessing capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1110.002 attack_object_name: Password Cracking capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1110.003 attack_object_name: Password Spraying capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1110.004 attack_object_name: Credential Stuffing capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1112 attack_object_name: Modify Registry capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1114.001 attack_object_name: Local Email Collection capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1134 attack_object_name: Access Token Manipulation capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1134.002 attack_object_name: Create Process with Token capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1134.005 attack_object_name: SID-History Injection capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1136.001 attack_object_name: Local Account capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Concurrent Session Control capability_group: AC capability_id: AC-10 mapping_type: mitigates references: [] - attack_object_id: T1137 attack_object_name: Office Application Startup capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.001 attack_object_name: Office Template Macros capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.003 attack_object_name: Outlook Forms capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.004 attack_object_name: Outlook Home Page capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.005 attack_object_name: Outlook Rules capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1137.006 attack_object_name: Add-ins capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Concurrent Session Control capability_group: AC capability_id: AC-10 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1185 attack_object_name: Browser Session Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: System Use Notification capability_group: AC capability_id: AC-08 mapping_type: mitigates references: [] - attack_object_id: T1200 attack_object_name: Hardware Additions capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1200 attack_object_name: Hardware Additions capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1205.002 attack_object_name: Socket Filters capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1218.002 attack_object_name: Control Panel capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1218.007 attack_object_name: Msiexec capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1222 attack_object_name: File and Directory Permissions Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1222.001 attack_object_name: Windows File and Directory Permissions Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1222.002 attack_object_name: Linux and Mac File and Directory Permissions Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1486 attack_object_name: Data Encrypted for Impact capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1491 attack_object_name: Defacement capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1491.001 attack_object_name: Internal Defacement capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1491.002 attack_object_name: External Defacement capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1505 attack_object_name: Server Software Component capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1505.002 attack_object_name: Transport Agent capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1505.005 attack_object_name: Terminal Services DLL capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1525 attack_object_name: Implant Internal Image capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1538 attack_object_name: Cloud Service Dashboard capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543.001 attack_object_name: Launch Agent capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1543.004 attack_object_name: Launch Daemon capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1546.004 attack_object_name: Unix Shell Configuration Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546.011 attack_object_name: Application Shimming capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1546.013 attack_object_name: PowerShell Profile capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1547.006 attack_object_name: Kernel Modules and Extensions capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1547.012 attack_object_name: Print Processors capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1548.002 attack_object_name: Bypass User Account Control capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1548.003 attack_object_name: Sudo and Sudo Caching capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1550.002 attack_object_name: Pass the Hash capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1550.003 attack_object_name: Pass the Ticket capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1552.002 attack_object_name: Credentials in Registry capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1552.006 attack_object_name: Group Policy Preferences capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1552.008 attack_object_name: Chat Messages capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1553.003 attack_object_name: SIP and Trust Provider Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1555.006 attack_object_name: Cloud Secrets Management Stores capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1555.006 attack_object_name: Cloud Secrets Management Stores capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1555.006 attack_object_name: Cloud Secrets Management Stores capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.003 attack_object_name: Pluggable Authentication Modules capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.004 attack_object_name: Network Device Authentication capability_description: Unsuccessful Logon Attempts capability_group: AC capability_id: AC-07 mapping_type: mitigates references: [] - attack_object_id: T1556.005 attack_object_name: Reversible Encryption capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1556.005 attack_object_name: Reversible Encryption capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1556.005 attack_object_name: Reversible Encryption capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1558.001 attack_object_name: Golden Ticket capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1558.002 attack_object_name: Silver Ticket capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1558.003 attack_object_name: Kerberoasting capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1558.004 attack_object_name: AS-REP Roasting capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1561 attack_object_name: Disk Wipe capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1561.001 attack_object_name: Disk Content Wipe capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1561.002 attack_object_name: Disk Structure Wipe capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.001 attack_object_name: Disable or Modify Tools capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.002 attack_object_name: Disable Windows Event Logging capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1562.009 attack_object_name: Safe Mode Boot capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1563.001 attack_object_name: SSH Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Device Lock capability_group: AC capability_id: AC-11 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Session Termination capability_group: AC capability_id: AC-12 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1567.001 attack_object_name: Exfiltration to Code Repository capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1567.002 attack_object_name: Exfiltration to Cloud Storage capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1567.003 attack_object_name: Exfiltration to Text Storage Sites capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1567.004 attack_object_name: Exfiltration Over Webhook capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1569 attack_object_name: System Services capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1569.001 attack_object_name: Launchctl capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1569.002 attack_object_name: Service Execution capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574 attack_object_name: Hijack Execution Flow capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.004 attack_object_name: Dylib Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.005 attack_object_name: Executable Installer File Permissions Weakness capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.007 attack_object_name: Path Interception by PATH Environment Variable capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.008 attack_object_name: Path Interception by Search Order Hijacking capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.009 attack_object_name: Path Interception by Unquoted Path capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.010 attack_object_name: Services File Permissions Weakness capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.011 attack_object_name: Services Registry Permissions Weakness capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1574.012 attack_object_name: COR_PROFILER capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1578 attack_object_name: Modify Cloud Compute Infrastructure capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1578.001 attack_object_name: Create Snapshot capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1578.002 attack_object_name: Create Cloud Instance capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1578.003 attack_object_name: Delete Cloud Instance capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1580 attack_object_name: Cloud Infrastructure Discovery capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1580 attack_object_name: Cloud Infrastructure Discovery capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1580 attack_object_name: Cloud Infrastructure Discovery capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1580 attack_object_name: Cloud Infrastructure Discovery capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1606 attack_object_name: Forge Web Credentials capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1606.001 attack_object_name: Web Cookies capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1606.001 attack_object_name: Web Cookies capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1606.001 attack_object_name: Web Cookies capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Account Management capability_group: AC capability_id: AC-02 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Separation of Duties capability_group: AC capability_id: AC-05 mapping_type: mitigates references: [] - attack_object_id: T1619 attack_object_name: Cloud Storage Object Discovery capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Access Enforcement capability_group: AC capability_id: AC-03 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Least Privilege capability_group: AC capability_id: AC-06 mapping_type: mitigates references: [] - attack_object_id: T1659 attack_object_name: Content Injection capability_description: Information Flow Enforcement capability_group: AC capability_id: AC-04 mapping_type: mitigates references: [] - attack_object_id: T1001.002 attack_object_name: Steganography capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1008 attack_object_name: Fallback Channels capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.001 attack_object_name: Remote Desktop Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.002 attack_object_name: SMB/Windows Admin Shares capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.003 attack_object_name: Distributed Component Object Model capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.005 attack_object_name: VNC capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1021.006 attack_object_name: Windows Remote Management capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1029 attack_object_name: Scheduled Transfer capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1030 attack_object_name: Data Transfer Size Limits capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1036.008 attack_object_name: Masquerade File Type capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1041 attack_object_name: Exfiltration Over C2 Channel capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1046 attack_object_name: Network Service Discovery capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1048 attack_object_name: Exfiltration Over Alternative Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1048.001 attack_object_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1048.002 attack_object_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1048.003 attack_object_name: Exfiltration Over Unencrypted Non-C2 Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055 attack_object_name: Process Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.001 attack_object_name: Dynamic-link Library Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.002 attack_object_name: Portable Executable Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.003 attack_object_name: Thread Execution Hijacking capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.004 attack_object_name: Asynchronous Procedure Call capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.005 attack_object_name: Thread Local Storage capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.008 attack_object_name: Ptrace System Calls capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.009 attack_object_name: Proc Memory capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.011 attack_object_name: Extra Window Memory Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.012 attack_object_name: Process Hollowing capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.013 attack_object_name: "Process Doppelg\xE4nging" capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1055.014 attack_object_name: VDSO Hijacking capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1068 attack_object_name: Exploitation for Privilege Escalation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.001 attack_object_name: Web Protocols capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1071.004 attack_object_name: DNS capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1080 attack_object_name: Taint Shared Content capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1090 attack_object_name: Proxy capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1090.001 attack_object_name: Internal Proxy capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1090.002 attack_object_name: External Proxy capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1095 attack_object_name: Non-Application Layer Protocol capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1102.001 attack_object_name: Dead Drop Resolver capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1102.002 attack_object_name: Bidirectional Communication capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1102.003 attack_object_name: One-Way Communication capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1104 attack_object_name: Multi-Stage Channels capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1132 attack_object_name: Data Encoding capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1132.001 attack_object_name: Standard Encoding capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1132.002 attack_object_name: Non-Standard Encoding capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1133 attack_object_name: External Remote Services capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1187 attack_object_name: Forced Authentication capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1189 attack_object_name: Drive-by Compromise capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1197 attack_object_name: BITS Jobs capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1199 attack_object_name: Trusted Relationship capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1204.001 attack_object_name: Malicious Link capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1204.003 attack_object_name: Malicious Image capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1205 attack_object_name: Traffic Signaling capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1205.001 attack_object_name: Port Knocking capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1210 attack_object_name: Exploitation of Remote Services capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1211 attack_object_name: Exploitation for Defense Evasion capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1212 attack_object_name: Exploitation for Credential Access capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1218.012 attack_object_name: Verclsid capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1221 attack_object_name: Template Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1482 attack_object_name: Domain Trust Discovery capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1498 attack_object_name: Network Denial of Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1498.001 attack_object_name: Direct Network Flood capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1498.002 attack_object_name: Reflection Amplification capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1499 attack_object_name: Endpoint Denial of Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1499.001 attack_object_name: OS Exhaustion Flood capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1499.002 attack_object_name: Service Exhaustion Flood capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1499.003 attack_object_name: Application Exhaustion Flood capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1499.004 attack_object_name: Application or System Exploitation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1505.004 attack_object_name: IIS Components capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1552.005 attack_object_name: Cloud Instance Metadata API capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1552.007 attack_object_name: Container API capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1557.001 attack_object_name: LLMNR/NBT-NS Poisoning and SMB Relay capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1557.002 attack_object_name: ARP Cache Poisoning capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1557.003 attack_object_name: DHCP Spoofing capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1559 attack_object_name: Inter-Process Communication capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1559.001 attack_object_name: Component Object Model capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1559.002 attack_object_name: Dynamic Data Exchange capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1560.001 attack_object_name: Archive via Utility capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1563.002 attack_object_name: RDP Hijacking capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1565.001 attack_object_name: Stored Data Manipulation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1565.003 attack_object_name: Runtime Data Manipulation capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1567 attack_object_name: Exfiltration Over Web Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1567.001 attack_object_name: Exfiltration to Code Repository capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1567.002 attack_object_name: Exfiltration to Cloud Storage capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1567.003 attack_object_name: Exfiltration to Text Storage Sites capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1567.004 attack_object_name: Exfiltration Over Webhook capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1568 attack_object_name: Dynamic Resolution capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1568.002 attack_object_name: Domain Generation Algorithms capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1570 attack_object_name: Lateral Tool Transfer capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1571 attack_object_name: Non-Standard Port capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1573.001 attack_object_name: Symmetric Cryptography capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1573.002 attack_object_name: Asymmetric Cryptography capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1598 attack_object_name: Phishing for Information capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1598.001 attack_object_name: Spearphishing Service capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1598.002 attack_object_name: Spearphishing Attachment capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1599 attack_object_name: Network Boundary Bridging capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1599.001 attack_object_name: Network Address Translation Traversal capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1602 attack_object_name: Data from Configuration Repository capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1602.001 attack_object_name: SNMP (MIB Dump) capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1602.002 attack_object_name: Network Device Configuration Dump capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1609 attack_object_name: Container Administration Command capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1612 attack_object_name: Build Image on Host capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1613 attack_object_name: Container and Resource Discovery capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1622 attack_object_name: Debugger Evasion capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1659 attack_object_name: Content Injection capability_description: Boundary Protection capability_group: SC capability_id: SC-07 mapping_type: mitigates references: [] - attack_object_id: T1195.003 attack_object_name: Compromise Hardware Supply Chain capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1495 attack_object_name: Firmware Corruption capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1542.003 attack_object_name: Bootkit capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1542.004 attack_object_name: ROMMONkit capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1542.005 attack_object_name: TFTP Boot capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1547.007 attack_object_name: Re-opened Applications capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1547.013 attack_object_name: XDG Autostart Entries capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1553.006 attack_object_name: Code Signing Policy Modification capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1556.008 attack_object_name: Network Provider DLL capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1562.008 attack_object_name: Disable or Modify Cloud Logs capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1562.012 attack_object_name: Disable or Modify Linux Audit System capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1564.008 attack_object_name: Email Hiding Rules capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1601 attack_object_name: Modify System Image capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1601.001 attack_object_name: Patch System Image capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1601.002 attack_object_name: Downgrade System Image capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1647 attack_object_name: Plist File Modification capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] - attack_object_id: T1653 attack_object_name: Power Settings capability_description: Configuration Change Control capability_group: CM capability_id: CM-03 mapping_type: mitigates references: [] metadata: attack_version: '16.1' author: null capability_groups: AC: Access Control CA: Security Assessment and Authorization CM: Configuration Management CP: Contingency Planning IA: Identification and Authentication MP: Media Protection RA: Risk Assessment SA: System and Services Acquisition SC: System and Communications Protection SI: System and Information Integrity SR: Supply Chain Risk Management contact: null creation_date: 01/13/2022 last_update: 04/16/2025 mapping_framework: nist_800_53 mapping_framework_version: rev5 mapping_types: mitigates: description: '' name: mitigates mapping_version: '' organization: null technology_domain: enterprise