RA-10 |
Threat Hunting |
Protects |
T1190 |
Exploit Public-Facing Application |
RA-10 |
Threat Hunting |
Protects |
T1195 |
Supply Chain Compromise |
RA-10 |
Threat Hunting |
Protects |
T1195.001 |
Compromise Software Dependencies and Development Tools |
RA-10 |
Threat Hunting |
Protects |
T1195.002 |
Compromise Software Supply Chain |
RA-10 |
Threat Hunting |
Protects |
T1210 |
Exploitation of Remote Services |
RA-10 |
Threat Hunting |
Protects |
T1211 |
Exploitation for Defense Evasion |
RA-10 |
Threat Hunting |
Protects |
T1068 |
Exploitation for Privilege Escalation |
RA-10 |
Threat Hunting |
Protects |
T1212 |
Exploitation for Credential Access |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1011.001 |
Exfiltration Over Bluetooth |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.001 |
Remote Desktop Protocol |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1047 |
Windows Management Instrumentation |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1053 |
Scheduled Task/Job |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.002 |
At (Windows) |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.003 |
Cron |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.005 |
Scheduled Task |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1059 |
Command and Scripting Interpreter |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.001 |
PowerShell |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.005 |
Visual Basic |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1098.004 |
SSH Authorized Keys |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1176 |
Browser Extensions |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1190 |
Exploit Public-Facing Application |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1195 |
Supply Chain Compromise |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1195.001 |
Compromise Software Dependencies and Development Tools |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1195.002 |
Compromise Software Supply Chain |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1210 |
Exploitation of Remote Services |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1211 |
Exploitation for Defense Evasion |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.003 |
Code Repositories |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.003 |
CMSTP |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.004 |
InstallUtil |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.008 |
Odbcconf |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.009 |
Regsvcs/Regasm |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.012 |
Verclsid |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.013 |
Mavinject |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.014 |
MMC |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1221 |
Template Injection |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1505 |
Server Software Component |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.003 |
Web Shell |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1525 |
Implant Internal Image |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1543 |
Create or Modify System Process |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1546.002 |
Screensaver |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.006 |
Kernel Modules and Extensions |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.007 |
Re-opened Applications |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.008 |
LSASS Driver |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1548.002 |
Bypass User Account Control |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1548.003 |
Sudo and Sudo Caching |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1559 |
Inter-Process Communication |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1559.002 |
Dynamic Data Exchange |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1562 |
Impair Defenses |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1562.010 |
Downgrade Attack |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574 |
Hijack Execution Flow |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.007 |
Path Interception by PATH Environment Variable |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.003 |
Distributed Component Object Model |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.004 |
SSH |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.005 |
VNC |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.006 |
Windows Remote Management |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1052 |
Exfiltration Over Physical Medium |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1052.001 |
Exfiltration over USB |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.007 |
JavaScript |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1092 |
Communication Through Removable Media |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1127 |
Trusted Developer Utilities Proxy Execution |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1127.001 |
MSBuild |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1137 |
Office Application Startup |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1137.001 |
Office Template Macros |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1204.003 |
Malicious Image |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1213 |
Data from Information Repositories |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.001 |
Confluence |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.002 |
Sharepoint |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.005 |
Mshta |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1484 |
Domain Policy Modification |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.001 |
SQL Stored Procedures |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.002 |
Transport Agent |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.004 |
IIS Components |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1542.004 |
ROMMONkit |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1542.005 |
TFTP Boot |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1546.014 |
Emond |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1548 |
Abuse Elevation Control Mechanism |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1552 |
Unsecured Credentials |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.001 |
Credentials In Files |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.002 |
Credentials in Registry |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.004 |
Private Keys |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.006 |
Group Policy Preferences |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1558.004 |
AS-REP Roasting |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1560 |
Archive Collected Data |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1563 |
Remote Service Session Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1563.001 |
SSH Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1563.002 |
RDP Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.001 |
DLL Search Order Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.004 |
Dylib Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.005 |
Executable Installer File Permissions Weakness |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.008 |
Path Interception by Search Order Hijacking |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.009 |
Path Interception by Unquoted Path |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.010 |
Services File Permissions Weakness |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1578 |
Modify Cloud Compute Infrastructure |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.001 |
Create Snapshot |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.002 |
Create Cloud Instance |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.003 |
Delete Cloud Instance |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1612 |
Build Image on Host |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1046 |
Network Service Scanning |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1068 |
Exploitation for Privilege Escalation |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1078 |
Valid Accounts |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1091 |
Replication Through Removable Media |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1133 |
External Remote Services |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1212 |
Exploitation for Credential Access |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1218 |
Signed Binary Proxy Execution |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1482 |
Domain Trust Discovery |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1528 |
Steal Application Access Token |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1530 |
Data from Cloud Storage Object |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1557 |
Adversary-in-the-Middle |
RA-5 |
Vulnerability Monitoring and Scanning |
Protects |
T1560.001 |
Archive via Utility |
RA-5 |
Vulnerability Scanning |
Protects |
T1505.005 |
Terminal Services DLL |
RA-9 |
Criticality Analysis |
Protects |
T1495 |
Firmware Corruption |
RA-9 |
Criticality Analysis |
Protects |
T1542 |
Pre-OS Boot |
RA-9 |
Criticality Analysis |
Protects |
T1542.001 |
System Firmware |
RA-9 |
Criticality Analysis |
Protects |
T1542.003 |
Bootkit |
RA-9 |
Criticality Analysis |
Protects |
T1542.004 |
ROMMONkit |
RA-9 |
Criticality Analysis |
Protects |
T1542.005 |
TFTP Boot |
RA-9 |
Criticality Analysis |
Protects |
T1553 |
Subvert Trust Controls |
RA-9 |
Criticality Analysis |
Protects |
T1553.006 |
Code Signing Policy Modification |
RA-9 |
Criticality Analysis |
Protects |
T1601 |
Modify System Image |
RA-9 |
Criticality Analysis |
Protects |
T1601.001 |
Patch System Image |
RA-9 |
Criticality Analysis |
Protects |
T1601.002 |
Downgrade System Image |
RA-9 |
Criticality Analysis |
Protects |
T1195.003 |
Compromise Hardware Supply Chain |