ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
VERIS
action.hacking.variety.Evade Defenses
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1001
Data Obfuscation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1001.001
Data Obfuscation: Junk Data
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1001.002
Data Obfuscation: Steganography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1001.003
Data Obfuscation: Protocol Impersonation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1008
Fallback Channels
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1014
Rootkit
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027
Obfuscated Files or Information
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.001
Obfuscated Files or Information: Binary Padding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.003
Obfuscated Files or Information: Steganography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.010
Command Obfuscation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.011
Fileless Storage
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.012
LNK Icon Smuggling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.013
Encrypted/Encoded File
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.014
Polymorphic Code
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1036
Masquerading
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1070.010
Relocate Malware
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1071
Application Layer Protocol
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1090
Proxy
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1102
Web Service
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1104
Multi-Stage Channels
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1132
Data Encoding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1132.001
Data Encoding: Standard Encoding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1132.002
Data Encoding: Non-Standard Encoding
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1205
Traffic Signaling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1205.001
Traffic Signaling: Port Knocking
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1205.002
Traffic Signaling: Socket Filters
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1211
Exploitation for Defense Evasion
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1553
Subvert Trust Controls
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1562
Impair Defenses
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564
Hide Artifacts
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.001
Hide Artifacts: Hidden Files and Directories
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.002
Hide Artifacts: Hidden Users
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.003
Hide Artifacts: Hidden Window
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.004
Hide Artifacts: NTFS File Attributes
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.005
Hide Artifacts: Hidden File System
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.006
Hide Artifacts: Run Virtual Instance
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.007
Hide Artifacts: VBA Stomping
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568
Dynamic Resolution
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.001
Dynamic Resolution: Fast Flux DSN
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.002
Dynamic Resolution: Domain Generation Algorithms
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1568.003
Dynamic Resolution: DNS Calculation
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1572
Protocol Tunneling
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573
Encrypted Channels
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573.001
Encrypted Channels: Symmetric Cryptography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1573.002
Encrypted Channels: Asymmetric Cryptography
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1622
Debugger Evasion
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.011
Ignore Process Interrupts
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1564.012
File/Path Exclusions
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1666
Modify Cloud Resource Hierarchy
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.002
Obfuscated Files or Information: Software Packaging
action.hacking.variety.Evade Defenses
Modification of the action (rather than the system, as in 'Disable controls') to avoid detection.
related-to
T1027.004
Obfuscated Files or Information: Compile After Dilevery
