Vendor: VMS Software
June 14, 2023
Product: OpenVMS

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 136 | 50 | 24 | 5 | 5 |

| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | failed-logon ↳openvms-failed-logon remote-logon ↳openvms-remote-login | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1110 - Brute Force T1133 - External Remote Services | |
| Brute Force Attack | failed-logon ↳openvms-failed-logon | T1021.001 - Remote Services: Remote Desktop Protocol T1110 - Brute Force T1110.003 - T1110.003 | |
| Compromised Credentials | batch-logon ↳openvms-batch-logon failed-logon ↳openvms-failed-logon file-delete ↳openvms-file-delete file-read ↳openvms-file-access remote-logon ↳openvms-remote-login | T1003.001 - T1003.001 T1003.003 - T1003.003 T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets | |
| Data Access | file-delete ↳openvms-file-delete file-read ↳openvms-file-access | T1083 - File and Directory Discovery | |
| Destruction of Data | file-delete ↳openvms-file-delete | T1070.004 - Indicator Removal on Host: File Deletion T1485 - Data Destruction | |
| Lateral Movement | batch-logon ↳openvms-batch-logon failed-logon ↳openvms-failed-logon remote-logon ↳openvms-remote-login | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting | |
| Malware | batch-logon ↳openvms-batch-logon failed-logon ↳openvms-failed-logon remote-logon ↳openvms-remote-login | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 | |
| Privilege Abuse | batch-logon ↳openvms-batch-logon failed-logon ↳openvms-failed-logon file-delete ↳openvms-file-delete file-read ↳openvms-file-access remote-logon ↳openvms-remote-login | T1078 - Valid Accounts T1078.002 - T1078.002 | |
| Privilege Escalation | failed-logon ↳openvms-failed-logon remote-logon ↳openvms-remote-login | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1555.005 - T1555.005 | |
| Privileged Activity | failed-logon ↳openvms-failed-logon file-delete ↳openvms-file-delete file-read ↳openvms-file-access remote-logon ↳openvms-remote-login | T1021 - Remote Services T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts T1078.002 - T1078.002 | |
| Ransomware | failed-logon ↳openvms-failed-logon remote-logon ↳openvms-remote-login | T1078 - Valid Accounts | |