Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027 | Obfuscated Files or Information | This control can detect file obfuscation. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027.002 | Software Packing | This control may detect malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware. This control is dependent on a signature being available. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to detect malware execution. This is dependent on a signature being available. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1566 | Phishing | This control can detect phishing. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027 | Obfuscated Files or Information | This control can prevent file obfuscation. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027.002 | Software Packing | This control may quarantine and/or delete malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware and proceed to quarantine and/or delete the file. This control is dependent on a signature being available. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204 | User Execution | This control can protect against user execution. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to block malware execution. This is dependent on a signature being available. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566 | Phishing | This control can protect against phishing. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566.001 | Spearphishing Attachment | This control may quarantine and/or delete any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | partial | T1566.001 | Spearphishing Attachment | This control may detect any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.006 | HTML Smuggling | This control can protect against HTML smuggling. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.009 | Embedded Payloads | This control can protect against embedded payloads. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.010 | Command Obfuscation | This control can protect against command obfuscation attacks. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.011 | Fileless Storage | This control can protect against fileless storage attacks. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.012 | LNK Icon Smuggling | This control can protect against LNK icon smuggling. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.013 | Encrypted/Encoded File | This control can protect against obfuscation via encrypted/encoded files. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1027.014 | Polymorphic Code | This control can protect against obfuscation via polymorphic code. |
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | partial | T1036.008 | Masquerade File Type | This control can protect from malware. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | 21 |