ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CSA Cloud Controls Matrix (CCM)
CRI Profile
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 12.1 Enterprise and VERIS 1.3.7.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Disable or interfere with security controls
VERIS
action.malware.variety.Disable controls
Mappings
ATT&CK Version
12.1
ATT&CK Domain
Enterprise
VERIS
1.3.7
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600
Weaken Encryption
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562
Impair Defenses
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.001
Disable or Modify Tools
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.002
Disable Windows Event Logging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.003
Impair Command History Logging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.004
Disable or Modify System Firewall
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.007
Disable or Modify Cloud Firewall
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.008
Disable Cloud Logs
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036
Masquerading
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553
Subvert Trust Controls
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1212
Exploitation for Credential Access
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027
Obfuscated Files or Information
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497
Virtualization/Sandbox Evasion
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1006
Direct Volume Access
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.001
Obfuscated Files or Information: Binary Padding
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.002
Obfuscated Files or Information: Software Packaging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.003
Obfuscated Files or Information: Steganography
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.004
Obfuscated Files or Information: Compile After Dilevery
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.005
Obfuscated Files or Information: Indicator Removal from Tools
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.001
Masquerading: Invalid Code Signature
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.002
Masquerading: Right-to-Left Override
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.003
Masquerading: Rename System Utilities
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.004
Masquerading: Masquerade Task or Service
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.005
Masquerading: Match Legitimate Name or Location
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.006
Masquerading: Space after Filename
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222
File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222.001
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222.002
File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1490
Inhibit System Recovery
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.001
Virtualization/Sandbox Evasion: System Checks
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.002
Virtualization/Sandbox Evasion: User Activity Based Checks
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.003
Virtualization/Sandbox Evasion: Time Based Evasion
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.001
Subvert Trust Contols: Gatekeeper Bypass
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.002
Subvert Trust Contols: Code Signing
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.003
Subvert Trust Contols: SIP and Trust Provider Hijacking
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.004
Subvert Trust Contols: Install Root Certificate
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.005
Subvert Trust Contols: Mark-of-the-Web Bypass
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.006
Subvert Trust Contols: Code Signing Policy Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.006
Impair Defenses: Indicator Blocking
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1574.012
Hijack Execution Flow: COR_PROFILER
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600.001
Weaken Encryption: Reduce Key Space
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600.002
Weaken Encryption: Disable Crypto Hardware
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601
Modify System Image
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601.001
Modify System Image: Patch System Image
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601.002
Modify System Image: Downgrade System Image
