ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
Known Exploited Vulnerabilities
Google Cloud Platform (GCP)
Intel vPro
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
Change versions here.
Home
Mapping Frameworks
VERIS Home
Disable or interfere with security controls
VERIS
action.malware.variety.Disable controls
Mappings
Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
VERIS
1.4.0
Change Versions
Capability ID
Capability Description
Mapping Type
ATT&CK ID
ATT&CK Name
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1006
Direct Volume Access
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027
Obfuscated Files or Information
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.001
Obfuscated Files or Information: Binary Padding
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.002
Obfuscated Files or Information: Software Packaging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.003
Obfuscated Files or Information: Steganography
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.004
Obfuscated Files or Information: Compile After Dilevery
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1027.005
Obfuscated Files or Information: Indicator Removal from Tools
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036
Masquerading
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.001
Masquerading: Invalid Code Signature
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.002
Masquerading: Right-to-Left Override
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.003
Masquerading: Rename System Utilities
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.004
Masquerading: Masquerade Task or Service
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.005
Masquerading: Match Legitimate Name or Location
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1036.006
Masquerading: Space after Filename
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1212
Exploitation for Credential Access
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222
File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222.001
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1222.002
File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1490
Inhibit System Recovery
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497
Virtualization/Sandbox Evasion
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.001
Virtualization/Sandbox Evasion: System Checks
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.002
Virtualization/Sandbox Evasion: User Activity Based Checks
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1497.003
Virtualization/Sandbox Evasion: Time Based Evasion
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553
Subvert Trust Controls
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.001
Subvert Trust Contols: Gatekeeper Bypass
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.002
Subvert Trust Contols: Code Signing
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.003
Subvert Trust Contols: SIP and Trust Provider Hijacking
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.004
Subvert Trust Contols: Install Root Certificate
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.005
Subvert Trust Contols: Mark-of-the-Web Bypass
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1553.006
Subvert Trust Contols: Code Signing Policy Modification
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562
Impair Defenses
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.001
Disable or Modify Tools
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.002
Disable Windows Event Logging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.003
Impair Command History Logging
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.004
Disable or Modify System Firewall
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.006
Impair Defenses: Indicator Blocking
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.007
Disable or Modify Cloud Firewall
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.008
Disable Cloud Logs
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.011
Spoof Security Alerting
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1562.012
Disable or Modify Linux Audit System
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1574.012
Hijack Execution Flow: COR_PROFILER
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600
Weaken Encryption
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600.001
Weaken Encryption: Reduce Key Space
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1600.002
Weaken Encryption: Disable Crypto Hardware
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601
Modify System Image
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601.001
Modify System Image: Patch System Image
action.malware.variety.Disable controls
Disable or interfere with security controls
related-to
T1601.002
Modify System Image: Downgrade System Image
