ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
VERIS
action.hacking.variety.Evade Defenses
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027
Obfuscated Files or Information
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.001
Binary Padding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.002
Software Packing
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.003
Steganography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.004
Compile After Delivery
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.010
Command Obfuscation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.011
Fileless Storage
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.012
LNK Icon Smuggling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.013
Encrypted/Encoded File
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.014
Polymorphic Code
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1070.010
Relocate Malware
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1132.002
Non-Standard Encoding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1001
Data Obfuscation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1102.001
Dead Drop Resolver
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1602.001
SNMP (MIB Dump)
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1584.002
DNS Server
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1008
Fallback Channels
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1014
Rootkit
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1036
Masquerading
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1071
Application Layer Protocol
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1090
Proxy
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1102
Web Service
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1104
Multi-Stage Channels
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1132
Data Encoding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1583.007
Serverless
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1205
Traffic Signaling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1021.007
Cloud Services
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1053.005
Scheduled Task
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1211
Exploitation for Defense Evasion
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1553
Subvert Trust Controls
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1562
Impair Defenses
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564
Hide Artifacts
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.001
Hidden Files and Directories
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.002
Hidden Users
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.003
Hidden Window
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.004
NTFS File Attributes
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.005
Hidden File System
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.006
Run Virtual Instance
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.007
VBA Stomping
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568
Dynamic Resolution
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.001
Fast Flux DNS
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.002
Domain Generation Algorithms
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.003
DNS Calculation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1572
Protocol Tunneling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573
Encrypted Channel
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573.001
Symmetric Cryptography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573.002
Asymmetric Cryptography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1622
Debugger Evasion
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.011
Ignore Process Interrupts
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.012
File/Path Exclusions
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1666
Modify Cloud Resource Hierarchy
