| file_integrity_monitoring | File Integrity Monitoring | detect | significant | T1053 | Scheduled Task/Job |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.001 | At (Linux) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.002 | At (Windows) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.003 | Cron |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.005 | Scheduled Task |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1053.006 | Systemd Timers |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1098 | Account Manipulation |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1098.004 | SSH Authorized Keys |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547 | Boot or Logon Autostart Execution |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.001 | Registry Run Keys / Startup Folder |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.002 | Authentication Package |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.003 | Time Providers |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.004 | Winlogon Helper DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.005 | Security Support Provider |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.006 | Kernel Modules and Extensions |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.008 | LSASS Driver |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.009 | Shortcut Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.010 | Port Monitors |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1547.012 | Print Processors |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037 | Boot or Logon Initialization Scripts |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037.001 | Logon Script (Windows) |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1037.003 | Network Logon Script |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543 | Create or Modify System Process |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543.002 | Systemd Service |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1543.003 | Windows Service |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546 | Event Triggered Execution |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.001 | Change Default File Association |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.002 | Screensaver |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.004 | .bash_profile and .bashrc |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.007 | Netsh Helper DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.008 | Accessibility Features |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.009 | AppCert DLLs |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.011 | Application Shimming |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.012 | Image File Execution Options Injection |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1546.013 | PowerShell Profile |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1546.010 | AppInit DLLs |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1546.015 | Component Object Model Hijacking |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1574 | Hijack Execution Flow |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1574.006 | LD_PRELOAD |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1137 | Office Application Startup |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1137.002 | Office Test |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1548.002 | Bypass User Account Control |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1548.003 | Sudo and Sudo Caching |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556 | Modify Authentication Process |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556.002 | Password Filter DLL |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1556.003 | Pluggable Authentication Modules |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1003 | OS Credential Dumping |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1003.001 | LSASS Memory |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222 | File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222.001 | Windows File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1222.002 | Linux and Mac File and Directory Permissions Modification |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562 | Impair Defenses |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.001 | Disable or Modify Tools |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.004 | Disable or Modify System Firewall |
| file_integrity_monitoring | File Integrity Monitoring | detect | minimal | T1562.006 | Indicator Blocking |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553 | Subvert Trust Controls |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553.003 | SIP and Trust Provider Hijacking |
| file_integrity_monitoring | File Integrity Monitoring | detect | partial | T1553.004 | Install Root Certificate |