| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.003 |
Distributed Component Object Model |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.004 |
SSH |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.005 |
VNC |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1052 |
Exfiltration Over Physical Medium |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1052.001 |
Exfiltration over USB |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.003 |
Cron |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1059 |
Command and Scripting Interpreter |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.001 |
PowerShell |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.005 |
Visual Basic |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1059.007 |
JavaScript |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1092 |
Communication Through Removable Media |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1127 |
Trusted Developer Utilities Proxy Execution |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1127.001 |
MSBuild |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1137 |
Office Application Startup |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1137.001 |
Office Template Macros |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1176 |
Browser Extensions |
| RA-10 |
Threat Hunting |
Protects |
T1195.001 |
Compromise Software Dependencies and Development Tools |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1195.001 |
Compromise Software Dependencies and Development Tools |
| RA-10 |
Threat Hunting |
Protects |
T1195.002 |
Compromise Software Supply Chain |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1195.002 |
Compromise Software Supply Chain |
| RA-09 |
Criticality Analysis |
Protects |
T1195.003 |
Compromise Hardware Supply Chain |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1204.003 |
Malicious Image |
| RA-10 |
Threat Hunting |
Protects |
T1210 |
Exploitation of Remote Services |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1210 |
Exploitation of Remote Services |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1213 |
Data from Information Repositories |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.001 |
Confluence |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.002 |
Sharepoint |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1213.003 |
Code Repositories |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218 |
System Binary Proxy Execution |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.003 |
CMSTP |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.004 |
InstallUtil |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.005 |
Mshta |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.008 |
Odbcconf |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.009 |
Regsvcs/Regasm |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.012 |
Verclsid |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.013 |
Mavinject |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1218.014 |
MMC |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1221 |
Template Injection |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1482 |
Domain Trust Discovery |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1484 |
Domain Policy Modification |
| RA-09 |
Criticality Analysis |
Protects |
T1495 |
Firmware Corruption |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505 |
Server Software Component |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.001 |
SQL Stored Procedures |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.002 |
Transport Agent |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.003 |
Web Shell |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.004 |
IIS Components |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1505.005 |
Terminal Services DLL |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1525 |
Implant Internal Image |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1528 |
Steal Application Access Token |
| RA-09 |
Criticality Analysis |
Protects |
T1542 |
Pre-OS Boot |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1542.004 |
ROMMONkit |
| RA-09 |
Criticality Analysis |
Protects |
T1542.004 |
ROMMONkit |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1542.005 |
TFTP Boot |
| RA-09 |
Criticality Analysis |
Protects |
T1542.005 |
TFTP Boot |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1543 |
Create or Modify System Process |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1546.002 |
Screensaver |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1546.014 |
Emond |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.006 |
Kernel Modules and Extensions |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.007 |
Re-opened Applications |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1547.008 |
LSASS Driver |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1548.002 |
Bypass User Account Control |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1548.003 |
Sudo and Sudo Caching |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.006 |
Group Policy Preferences |
| RA-09 |
Criticality Analysis |
Protects |
T1553 |
Subvert Trust Controls |
| RA-09 |
Criticality Analysis |
Protects |
T1553.006 |
Code Signing Policy Modification |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1558.004 |
AS-REP Roasting |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1559 |
Inter-Process Communication |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1559.002 |
Dynamic Data Exchange |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1560 |
Archive Collected Data |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1563 |
Remote Service Session Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1563.001 |
SSH Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1563.002 |
RDP Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574 |
Hijack Execution Flow |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.001 |
DLL Search Order Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.004 |
Dylib Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.005 |
Executable Installer File Permissions Weakness |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.008 |
Path Interception by Search Order Hijacking |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.009 |
Path Interception by Unquoted Path |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.010 |
Services File Permissions Weakness |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.001 |
Create Snapshot |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.002 |
Create Cloud Instance |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1578.003 |
Delete Cloud Instance |
| RA-09 |
Criticality Analysis |
Protects |
T1601 |
Modify System Image |
| RA-09 |
Criticality Analysis |
Protects |
T1601.001 |
Patch System Image |
| RA-09 |
Criticality Analysis |
Protects |
T1601.002 |
Downgrade System Image |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1612 |
Build Image on Host |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1574.007 |
Path Interception by PATH Environment Variable |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1560.001 |
Archive via Utility |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1557 |
Adversary-in-the-Middle |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.004 |
Private Keys |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1530 |
Data from Cloud Storage |
| RA-10 |
Threat Hunting |
Protects |
T1211 |
Exploitation for Defense Evasion |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1211 |
Exploitation for Defense Evasion |
| RA-10 |
Threat Hunting |
Protects |
T1190 |
Exploit Public-Facing Application |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1190 |
Exploit Public-Facing Application |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.002 |
Credentials in Registry |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1552.001 |
Credentials In Files |
| RA-09 |
Criticality Analysis |
Protects |
T1542.003 |
Bootkit |
| RA-10 |
Threat Hunting |
Protects |
T1195 |
Supply Chain Compromise |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1195 |
Supply Chain Compromise |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1091 |
Replication Through Removable Media |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1046 |
Network Service Discovery |
| RA-10 |
Threat Hunting |
Protects |
T1068 |
Exploitation for Privilege Escalation |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1068 |
Exploitation for Privilege Escalation |
| RA-09 |
Criticality Analysis |
Protects |
T1542.001 |
System Firmware |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1053 |
Scheduled Task/Job |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1133 |
External Remote Services |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.001 |
Remote Desktop Protocol |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1021.006 |
Windows Remote Management |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1047 |
Windows Management Instrumentation |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.002 |
At |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1053.005 |
Scheduled Task |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1578 |
Modify Cloud Compute Infrastructure |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1552 |
Unsecured Credentials |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1548 |
Abuse Elevation Control Mechanism |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1562.010 |
Downgrade Attack |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1562 |
Impair Defenses |
| RA-10 |
Threat Hunting |
Protects |
T1212 |
Exploitation for Credential Access |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1212 |
Exploitation for Credential Access |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1078 |
Valid Accounts |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1011.001 |
Exfiltration Over Bluetooth |
| RA-05 |
Vulnerability Monitoring and Scanning |
Protects |
T1098.004 |
SSH Authorized Keys |
