|
RA-10
|
Threat Hunting
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
RA-10
|
Threat Hunting
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
RA-10
|
Threat Hunting
| Protects |
T1195
|
Supply Chain Compromise
|
|
RA-10
|
Threat Hunting
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
RA-10
|
Threat Hunting
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
RA-10
|
Threat Hunting
| Protects |
T1210
|
Exploitation of Remote Services
|
|
RA-10
|
Threat Hunting
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
RA-10
|
Threat Hunting
| Protects |
T1212
|
Exploitation for Credential Access
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1011.001
|
Exfiltration Over Bluetooth
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.001
|
Remote Desktop Protocol
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.003
|
Distributed Component Object Model
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.004
|
SSH
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.005
|
VNC
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1021.006
|
Windows Remote Management
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1046
|
Network Service Scanning
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1047
|
Windows Management Instrumentation
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1052
|
Exfiltration Over Physical Medium
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1052.001
|
Exfiltration over USB
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1053
|
Scheduled Task/Job
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.001
|
At (Linux)
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.002
|
At (Windows)
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.003
|
Cron
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1053.005
|
Scheduled Task
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1059
|
Command and Scripting Interpreter
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.001
|
PowerShell
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.005
|
Visual Basic
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1059.007
|
JavaScript
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1068
|
Exploitation for Privilege Escalation
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1078
|
Valid Accounts
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1091
|
Replication Through Removable Media
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1092
|
Communication Through Removable Media
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1098.004
|
SSH Authorized Keys
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1127
|
Trusted Developer Utilities Proxy Execution
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1127.001
|
MSBuild
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1133
|
External Remote Services
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1137
|
Office Application Startup
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1137.001
|
Office Template Macros
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1176
|
Browser Extensions
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1190
|
Exploit Public-Facing Application
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1195
|
Supply Chain Compromise
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1195.002
|
Compromise Software Supply Chain
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1204.003
|
Malicious Image
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1210
|
Exploitation of Remote Services
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1211
|
Exploitation for Defense Evasion
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1212
|
Exploitation for Credential Access
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1213
|
Data from Information Repositories
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.001
|
Confluence
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.002
|
Sharepoint
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1213.003
|
Code Repositories
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218
|
Signed Binary Proxy Execution
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.003
|
CMSTP
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.004
|
InstallUtil
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.005
|
Mshta
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.008
|
Odbcconf
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.009
|
Regsvcs/Regasm
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.012
|
Verclsid
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.013
|
Mavinject
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1218.014
|
MMC
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1221
|
Template Injection
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1482
|
Domain Trust Discovery
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1484
|
Domain Policy Modification
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1505
|
Server Software Component
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.001
|
SQL Stored Procedures
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.002
|
Transport Agent
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.003
|
Web Shell
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1505.004
|
IIS Components
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1525
|
Implant Internal Image
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1528
|
Steal Application Access Token
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1530
|
Data from Cloud Storage Object
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1542.004
|
ROMMONkit
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1542.005
|
TFTP Boot
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1543
|
Create or Modify System Process
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1546.002
|
Screensaver
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1546.014
|
Emond
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.006
|
Kernel Modules and Extensions
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.007
|
Re-opened Applications
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1547.008
|
LSASS Driver
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1548
|
Abuse Elevation Control Mechanism
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1548.002
|
Bypass User Account Control
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1548.003
|
Sudo and Sudo Caching
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1552
|
Unsecured Credentials
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.001
|
Credentials In Files
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.002
|
Credentials in Registry
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.004
|
Private Keys
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1552.006
|
Group Policy Preferences
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1557
|
Adversary-in-the-Middle
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1558.004
|
AS-REP Roasting
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1559
|
Inter-Process Communication
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1559.002
|
Dynamic Data Exchange
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1560
|
Archive Collected Data
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1560.001
|
Archive via Utility
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1562
|
Impair Defenses
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1562.010
|
Downgrade Attack
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1563
|
Remote Service Session Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1563.001
|
SSH Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1563.002
|
RDP Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574
|
Hijack Execution Flow
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.001
|
DLL Search Order Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.004
|
Dylib Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.005
|
Executable Installer File Permissions Weakness
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.009
|
Path Interception by Unquoted Path
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1574.010
|
Services File Permissions Weakness
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1578
|
Modify Cloud Compute Infrastructure
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.001
|
Create Snapshot
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.002
|
Create Cloud Instance
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1578.003
|
Delete Cloud Instance
|
|
RA-5
|
Vulnerability Monitoring and Scanning
| Protects |
T1612
|
Build Image on Host
|
|
RA-9
|
Criticality Analysis
| Protects |
T1195.003
|
Compromise Hardware Supply Chain
|
|
RA-9
|
Criticality Analysis
| Protects |
T1495
|
Firmware Corruption
|
|
RA-9
|
Criticality Analysis
| Protects |
T1542
|
Pre-OS Boot
|
|
RA-9
|
Criticality Analysis
| Protects |
T1542.001
|
System Firmware
|
|
RA-9
|
Criticality Analysis
| Protects |
T1542.003
|
Bootkit
|
|
RA-9
|
Criticality Analysis
| Protects |
T1542.004
|
ROMMONkit
|
|
RA-9
|
Criticality Analysis
| Protects |
T1542.005
|
TFTP Boot
|
|
RA-9
|
Criticality Analysis
| Protects |
T1553
|
Subvert Trust Controls
|
|
RA-9
|
Criticality Analysis
| Protects |
T1553.006
|
Code Signing Policy Modification
|
|
RA-9
|
Criticality Analysis
| Protects |
T1601
|
Modify System Image
|
|
RA-9
|
Criticality Analysis
| Protects |
T1601.001
|
Patch System Image
|
|
RA-9
|
Criticality Analysis
| Protects |
T1601.002
|
Downgrade System Image
|
