Azure microsoft_antimalware_for_azure Mappings

Microsoft Antimalware for Azure is a free real-time protection that helps identify and remove viruses, spyware, and other malicious software. It generates alerts when known malicious or unwanted software tries to install itself or run on your Azure systems.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566 | Phishing | |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1566 | Phishing | |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1566.001 | Spearphishing Attachment | This control may quarantine and/or delete any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | partial | T1566.001 | Spearphishing Attachment | This control may detect any spearphishing attachment that has been downloaded and matches a malware signature. Customized malware without a matching signature may not generate an alert. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204 | User Execution | |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to block malware execution. This is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1204.002 | Malicious File | This control monitors activity in cloud services and on virtual machines to detect malware execution. This is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware and proceed to quarantine and/or delete the file. This control is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1105 | Ingress Tool Transfer | This control may scan created files for malware. This control is dependent on a signature being available. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027 | Obfuscated Files or Information | |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027 | Obfuscated Files or Information | |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | protect | minimal | T1027.002 | Software Packing | This control may quarantine and/or delete malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |
| microsoft_antimalware_for_azure | Microsoft Antimalware for Azure | detect | minimal | T1027.002 | Software Packing | This control may detect malware that has been packed by well-known software packing utilities. These utilities can provide signatures that apply to a variety of malware. |