|
IA-11
|
Re-authentication
| Protects |
T1110
|
Brute Force
|
|
IA-11
|
Re-authentication
| Protects |
T1110.001
|
Password Guessing
|
|
IA-11
|
Re-authentication
| Protects |
T1110.002
|
Password Cracking
|
|
IA-11
|
Re-authentication
| Protects |
T1110.003
|
Password Spraying
|
|
IA-11
|
Re-authentication
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-12
|
Identity Proofing
| Protects |
T1078
|
Valid Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.003
|
Local Accounts
|
|
IA-12
|
Identity Proofing
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.001
|
LSASS Memory
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.002
|
Security Account Manager
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.003
|
NTDS
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.006
|
DCSync
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.007
|
Proc Filesystem
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021
|
Remote Services
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.002
|
SMB/Windows Admin Shares
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.004
|
SSH
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.005
|
VNC
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1021.006
|
Windows Remote Management
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1036.007
|
Double File Extension
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1040
|
Network Sniffing
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1047
|
Windows Management Instrumentation
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.001
|
At (Linux)
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.002
|
At (Windows)
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.003
|
Cron
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.005
|
Scheduled Task
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.006
|
Systemd Timers
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1055
|
Process Injection
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1055.008
|
Ptrace System Calls
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1056.003
|
Web Portal Capture
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1059.001
|
PowerShell
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1059.008
|
Network Device CLI
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1072
|
Software Deployment Tools
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1078
|
Valid Accounts
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1078.003
|
Local Accounts
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1087.004
|
Cloud Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1098
|
Account Manipulation
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1098.002
|
Exchange Email Delegate Permissions
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1098.003
|
Add Office 365 Global Administrator Role
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1110
|
Brute Force
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1110.001
|
Password Guessing
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1110.002
|
Password Cracking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1110.003
|
Password Spraying
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1111
|
Two-Factor Authentication Interception
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1114
|
Email Collection
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1114.002
|
Remote Email Collection
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1133
|
External Remote Services
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1134
|
Access Token Manipulation
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1134.001
|
Token Impersonation/Theft
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1134.002
|
Create Process with Token
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1134.003
|
Make and Impersonate Token
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1136
|
Create Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1136.001
|
Local Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1136.002
|
Domain Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1136.003
|
Cloud Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1185
|
Browser Session Hijacking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1197
|
BITS Jobs
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1210
|
Exploitation of Remote Services
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1213.001
|
Confluence
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1213.002
|
Sharepoint
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1213.003
|
Code Repositories
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1218
|
Signed Binary Proxy Execution
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1218.007
|
Msiexec
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1222
|
File and Directory Permissions Modification
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1484
|
Domain Policy Modification
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1489
|
Service Stop
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1495
|
Firmware Corruption
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1505
|
Server Software Component
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1505.002
|
Transport Agent
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1505.004
|
IIS Components
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1525
|
Implant Internal Image
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1538
|
Cloud Service Dashboard
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1539
|
Steal Web Session Cookie
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1542.001
|
System Firmware
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1542.003
|
Bootkit
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1543
|
Create or Modify System Process
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1543.001
|
Launch Agent
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1543.002
|
Systemd Service
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1543.003
|
Windows Service
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1543.004
|
Launch Daemon
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1547.004
|
Winlogon Helper DLL
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1547.009
|
Shortcut Modification
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1547.012
|
Print Processors
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1547.013
|
XDG Autostart Entries
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1548.002
|
Bypass User Account Control
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1550
|
Use Alternate Authentication Material
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1550.001
|
Application Access Token
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1550.002
|
Pass the Hash
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1550.003
|
Pass the Ticket
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552.001
|
Credentials In Files
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552.002
|
Credentials in Registry
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552.004
|
Private Keys
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552.006
|
Group Policy Preferences
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1552.007
|
Container API
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1555.005
|
Password Managers
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1556
|
Modify Authentication Process
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1556.004
|
Network Device Authentication
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1558.001
|
Golden Ticket
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1558.002
|
Silver Ticket
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1558.003
|
Kerberoasting
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1558.004
|
AS-REP Roasting
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1559
|
Inter-Process Communication
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1559.001
|
Component Object Model
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562
|
Impair Defenses
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.001
|
Disable or Modify Tools
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.002
|
Disable Windows Event Logging
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.004
|
Disable or Modify System Firewall
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.006
|
Indicator Blocking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.007
|
Disable or Modify Cloud Firewall
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.008
|
Disable Cloud Logs
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1562.009
|
Safe Mode Boot
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1563.001
|
SSH Hijacking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1563.002
|
RDP Hijacking
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1569
|
System Services
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1569.001
|
Launchctl
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1569.002
|
Service Execution
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1574
|
Hijack Execution Flow
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1574.012
|
COR_PROFILER
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1580
|
Cloud Infrastructure Discovery
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1599
|
Network Boundary Bridging
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1601
|
Modify System Image
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1601.001
|
Patch System Image
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1610
|
Deploy Container
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1611
|
Escape to Host
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1613
|
Container and Resource Discovery
|
|
IA-2
|
Identification and Authentication (organizational Users)
| Protects |
T1619
|
Cloud Storage Object Discovery
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1602
|
Data from Configuration Repository
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
IA-3
|
Device Identification and Authentication
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
IA-4
|
Identifier Management
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-4
|
Identifier Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-4
|
Identifier Management
| Protects |
T1003.006
|
DCSync
|
|
IA-4
|
Identifier Management
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-4
|
Identifier Management
| Protects |
T1021.005
|
VNC
|
|
IA-4
|
Identifier Management
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-4
|
Identifier Management
| Protects |
T1053.002
|
At (Windows)
|
|
IA-4
|
Identifier Management
| Protects |
T1053.005
|
Scheduled Task
|
|
IA-4
|
Identifier Management
| Protects |
T1110
|
Brute Force
|
|
IA-4
|
Identifier Management
| Protects |
T1110.001
|
Password Guessing
|
|
IA-4
|
Identifier Management
| Protects |
T1110.002
|
Password Cracking
|
|
IA-4
|
Identifier Management
| Protects |
T1110.003
|
Password Spraying
|
|
IA-4
|
Identifier Management
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-4
|
Identifier Management
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-4
|
Identifier Management
| Protects |
T1213.001
|
Confluence
|
|
IA-4
|
Identifier Management
| Protects |
T1213.002
|
Sharepoint
|
|
IA-4
|
Identifier Management
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-4
|
Identifier Management
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-4
|
Identifier Management
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-4
|
Identifier Management
| Protects |
T1543
|
Create or Modify System Process
|
|
IA-4
|
Identifier Management
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-4
|
Identifier Management
| Protects |
T1550.001
|
Application Access Token
|
|
IA-4
|
Identifier Management
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-4
|
Identifier Management
| Protects |
T1552.005
|
Cloud Instance Metadata API
|
|
IA-4
|
Identifier Management
| Protects |
T1562
|
Impair Defenses
|
|
IA-4
|
Identifier Management
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-4
|
Identifier Management
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-4
|
Identifier Management
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-4
|
Identifier Management
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-4
|
Identifier Management
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-4
|
Identifier Management
| Protects |
T1602
|
Data from Configuration Repository
|
|
IA-4
|
Identifier Management
| Protects |
T1602.001
|
SNMP (MIB Dump)
|
|
IA-4
|
Identifier Management
| Protects |
T1602.002
|
Network Device Configuration Dump
|
|
IA-5
|
Authenticator Management
| Protects |
T1003
|
OS Credential Dumping
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.001
|
LSASS Memory
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.002
|
Security Account Manager
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.003
|
NTDS
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.004
|
LSA Secrets
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.005
|
Cached Domain Credentials
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.006
|
DCSync
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.007
|
Proc Filesystem
|
|
IA-5
|
Authenticator Management
| Protects |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
IA-5
|
Authenticator Management
| Protects |
T1021
|
Remote Services
|
|
IA-5
|
Authenticator Management
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-5
|
Authenticator Management
| Protects |
T1021.004
|
SSH
|
|
IA-5
|
Authenticator Management
| Protects |
T1040
|
Network Sniffing
|
|
IA-5
|
Authenticator Management
| Protects |
T1072
|
Software Deployment Tools
|
|
IA-5
|
Authenticator Management
| Protects |
T1078
|
Valid Accounts
|
|
IA-5
|
Authenticator Management
| Protects |
T1078.002
|
Domain Accounts
|
|
IA-5
|
Authenticator Management
| Protects |
T1078.004
|
Cloud Accounts
|
|
IA-5
|
Authenticator Management
| Protects |
T1098.001
|
Additional Cloud Credentials
|
|
IA-5
|
Authenticator Management
| Protects |
T1098.002
|
Exchange Email Delegate Permissions
|
|
IA-5
|
Authenticator Management
| Protects |
T1098.003
|
Add Office 365 Global Administrator Role
|
|
IA-5
|
Authenticator Management
| Protects |
T1110
|
Brute Force
|
|
IA-5
|
Authenticator Management
| Protects |
T1110.001
|
Password Guessing
|
|
IA-5
|
Authenticator Management
| Protects |
T1110.002
|
Password Cracking
|
|
IA-5
|
Authenticator Management
| Protects |
T1110.003
|
Password Spraying
|
|
IA-5
|
Authenticator Management
| Protects |
T1110.004
|
Credential Stuffing
|
|
IA-5
|
Authenticator Management
| Protects |
T1111
|
Two-Factor Authentication Interception
|
|
IA-5
|
Authenticator Management
| Protects |
T1114
|
Email Collection
|
|
IA-5
|
Authenticator Management
| Protects |
T1114.002
|
Remote Email Collection
|
|
IA-5
|
Authenticator Management
| Protects |
T1133
|
External Remote Services
|
|
IA-5
|
Authenticator Management
| Protects |
T1136
|
Create Account
|
|
IA-5
|
Authenticator Management
| Protects |
T1136.001
|
Local Account
|
|
IA-5
|
Authenticator Management
| Protects |
T1136.002
|
Domain Account
|
|
IA-5
|
Authenticator Management
| Protects |
T1136.003
|
Cloud Account
|
|
IA-5
|
Authenticator Management
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-5
|
Authenticator Management
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-5
|
Authenticator Management
| Protects |
T1539
|
Steal Web Session Cookie
|
|
IA-5
|
Authenticator Management
| Protects |
T1550.003
|
Pass the Ticket
|
|
IA-5
|
Authenticator Management
| Protects |
T1552
|
Unsecured Credentials
|
|
IA-5
|
Authenticator Management
| Protects |
T1552.001
|
Credentials In Files
|
|
IA-5
|
Authenticator Management
| Protects |
T1552.002
|
Credentials in Registry
|
|
IA-5
|
Authenticator Management
| Protects |
T1552.004
|
Private Keys
|
|
IA-5
|
Authenticator Management
| Protects |
T1552.006
|
Group Policy Preferences
|
|
IA-5
|
Authenticator Management
| Protects |
T1555
|
Credentials from Password Stores
|
|
IA-5
|
Authenticator Management
| Protects |
T1555.001
|
Keychain
|
|
IA-5
|
Authenticator Management
| Protects |
T1555.002
|
Securityd Memory
|
|
IA-5
|
Authenticator Management
| Protects |
T1555.004
|
Windows Credential Manager
|
|
IA-5
|
Authenticator Management
| Protects |
T1555.005
|
Password Managers
|
|
IA-5
|
Authenticator Management
| Protects |
T1556
|
Modify Authentication Process
|
|
IA-5
|
Authenticator Management
| Protects |
T1556.001
|
Domain Controller Authentication
|
|
IA-5
|
Authenticator Management
| Protects |
T1556.003
|
Pluggable Authentication Modules
|
|
IA-5
|
Authenticator Management
| Protects |
T1556.004
|
Network Device Authentication
|
|
IA-5
|
Authenticator Management
| Protects |
T1558
|
Steal or Forge Kerberos Tickets
|
|
IA-5
|
Authenticator Management
| Protects |
T1558.001
|
Golden Ticket
|
|
IA-5
|
Authenticator Management
| Protects |
T1558.002
|
Silver Ticket
|
|
IA-5
|
Authenticator Management
| Protects |
T1558.003
|
Kerberoasting
|
|
IA-5
|
Authenticator Management
| Protects |
T1558.004
|
AS-REP Roasting
|
|
IA-5
|
Authenticator Management
| Protects |
T1563.001
|
SSH Hijacking
|
|
IA-5
|
Authenticator Management
| Protects |
T1599
|
Network Boundary Bridging
|
|
IA-5
|
Authenticator Management
| Protects |
T1599.001
|
Network Address Translation Traversal
|
|
IA-5
|
Authenticator Management
| Protects |
T1601
|
Modify System Image
|
|
IA-5
|
Authenticator Management
| Protects |
T1601.001
|
Patch System Image
|
|
IA-5
|
Authenticator Management
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-6
|
Authentication Feedback
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
IA-6
|
Authentication Feedback
| Protects |
T1021.005
|
VNC
|
|
IA-6
|
Authentication Feedback
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-6
|
Authentication Feedback
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
IA-6
|
Authentication Feedback
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
IA-6
|
Authentication Feedback
| Protects |
T1578.001
|
Create Snapshot
|
|
IA-6
|
Authentication Feedback
| Protects |
T1578.002
|
Create Cloud Instance
|
|
IA-6
|
Authentication Feedback
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1495
|
Firmware Corruption
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1542.001
|
System Firmware
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1542.003
|
Bootkit
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1542.004
|
ROMMONkit
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1553
|
Subvert Trust Controls
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1601
|
Modify System Image
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1601.001
|
Patch System Image
|
|
IA-7
|
Cryptographic Module Authentication
| Protects |
T1601.002
|
Downgrade System Image
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1053
|
Scheduled Task/Job
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1053.007
|
Container Orchestration Job
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059.001
|
PowerShell
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1059.008
|
Network Device CLI
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1087.004
|
Cloud Account
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1210
|
Exploitation of Remote Services
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213
|
Data from Information Repositories
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213.001
|
Confluence
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1213.002
|
Sharepoint
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1528
|
Steal Application Access Token
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1537
|
Transfer Data to Cloud Account
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1538
|
Cloud Service Dashboard
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542
|
Pre-OS Boot
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.001
|
System Firmware
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.003
|
Bootkit
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1542.005
|
TFTP Boot
|
|
IA-8
|
Identification and Authentication (non-organizational Users)
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1036
|
Masquerading
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1036.001
|
Invalid Code Signature
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1036.005
|
Match Legitimate Name or Location
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1059.001
|
PowerShell
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1059.002
|
AppleScript
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1213.003
|
Code Repositories
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1525
|
Implant Internal Image
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1546
|
Event Triggered Execution
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1546.006
|
LC_LOAD_DYLIB Addition
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1546.013
|
PowerShell Profile
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1553
|
Subvert Trust Controls
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1553.004
|
Install Root Certificate
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1554
|
Compromise Client Software Binary
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1562.006
|
Indicator Blocking
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1562.009
|
Safe Mode Boot
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1566
|
Phishing
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1566.001
|
Spearphishing Attachment
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1566.002
|
Spearphishing Link
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1598
|
Phishing for Information
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1598.002
|
Spearphishing Attachment
|
|
IA-9
|
Service Identification and Authentication
| Protects |
T1598.003
|
Spearphishing Link
|
