Use Case: Compromised Credentials
May 13, 2026 · View on GitHub
Use Case: Compromised Credentials
Vendor: 1password
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| 1password | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: AIM Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AI Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: APC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| APC | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Abnormal Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Abnormal Security | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Absolute
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Absolute DDS | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Accellion
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kiteworks | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Adaxes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Adaxes | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Adobe
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Adobe Experience Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Airlock
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Airlock Allowlisting | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Akamai
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Akamai Guardicore | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Akamai SIEM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cloud Akamai | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Amazon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AWS Bastion | T1078 - Valid Accounts |
|
| AWS CloudTrail | T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories T1535 - Unused/Unsupported Cloud Regions |
|
| AWS CloudWatch | T1046 - Network Service Scanning T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| AWS Elastic Load Balancer | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| AWS GuardDuty | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories |
|
| AWS Network Firewall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| AWS Redshift | T1213 - Data from Information Repositories |
|
| AWS WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Amazon EKS | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Amazon Inspector | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Amazon Q | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Amazon S3 | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1535 - Unused/Unsupported Cloud Regions T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Apache
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apache | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Apache Subversion | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: AppSense
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AppSense Application Manager | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools TA0002 - TA0002 |
|
Vendor: Apple
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| macOS | T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Arctic Wolf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance PROTECT | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Cylance Protect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Armis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Armis Platform | T1078 - Valid Accounts |
|
Vendor: AssetView
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AssetView | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1083 - File and Directory Discovery |
|
Vendor: Atlassian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Atlassian | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Atlassian BitBucket | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Atlassian Guard | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Attivo
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BOTsink | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Auth0
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auth0 | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Barracuda
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Barracuda Cloudgen Firewall | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: BeyondTrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BeyondInsight | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| BeyondTrust | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| BeyondTrust Privileged Identity | T1078 - Valid Accounts T1133 - External Remote Services |
|
| BeyondTrust Remote Support | T1078 - Valid Accounts T1133 - External Remote Services |
|
| BeyondTrust Secure Remote Access | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Bitdefender
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GravityZone | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Bitglass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Bitglass CASB | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: BlackBerry
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BlackBerry Protect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Box
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Box Cloud Content Management | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Box Shield | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: CA Technologies
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CA Privileged Access Manager Server Control | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: CDS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CDS | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Canon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| imageRUNNER ADVANCE | T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: CatoNetworks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cato Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Check Point
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Check Point Anti-Malware | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Check Point Avanan | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Check Point Endpoint Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Check Point Identity Awareness | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Check Point NGFW | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Check Point Security Gateway | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
| Check Point Threat Emulation | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Harmony SaaS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| SmartDefense | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Checkmarx
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Checkmarx | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Cimcor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CimTrak | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Cisco
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cisco Cloud Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cisco Collaboration | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Cisco Cyber Vision | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Cisco Data Center | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Cisco IOS | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Cisco ISE | T1021 - Remote Services T1078 - Valid Accounts |
|
| Cisco Identity Intelligence | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Cisco Identity and Access Management | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Cisco Network Infrastructure and Management | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Cisco Network Monitoring and Analytics | T1046 - Network Service Scanning |
|
| Cisco Network Security | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Cisco Remote Access Security | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
| Cisco Secure Endpoint | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Cisco Secure Firewall Management Center | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Cisco Secure Network Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Cisco Web Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Duo Access | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Citrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Citrix Gateway | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Citrix Security Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Citrix Virtual Apps | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Claroty
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CTD | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Claroty | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Click Studios
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Passwordstate | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Cloudflare
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cloudflare Audit | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Cloudflare Insights | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cloudflare WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Cohesity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cohesity DataPlatform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Commvault
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Commvault | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Commvault ThreatWise | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Corelight
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Corelight IDS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Cribl
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cribl | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: CrowdStrike
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Falcon | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1187 - Forced Authentication T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Identity Threat Detection & Response | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: CyberArk
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CyberArk Privilege Access Manager | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Cybereason
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cybereason | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Cylance
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance OPTICS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools TA0002 - TA0002 |
|
Vendor: Cynet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cynet EDR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Darktrace
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Darktrace | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Delinea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Centrify Audit and Monitoring Service | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services |
|
| Centrify Authentication Service | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Centrify Infrastructure Services | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Centrify Zero Trust Privilege Services | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Secret Server | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Dell
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| EMC Isilon | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1083 - File and Directory Discovery |
|
| PowerProtect | T1078 - Valid Accounts T1133 - External Remote Services |
|
| PowerProtect Data Manager | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| PowerStore | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Sonicwall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Digital Arts
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Arts i-FILTER for Business | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Digital Guardian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Guardian Endpoint Protection | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Digital Guardian Network DLP | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: Dropbox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Dropbox | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Dtex Systems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| DTEX InTERCEPT | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1083 - File and Directory Discovery T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: ESET
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ESET Endpoint Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Egnyte
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Egnyte | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services |
|
Vendor: Entrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Entrust Identity Enterprise | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Epic
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Epic SIEM | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories |
|
Vendor: Ermes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ermes Browser Security Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Exabeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Correlation Rule | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Search | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Extrahop
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Extrahop Reveal(x) | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Extreme Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| EXOS | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Platform ONE | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Universal ZTNA | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Zebra WLAN Management | T1078 - Valid Accounts |
|
Vendor: F-Secure
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| F-Secure Client Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| F-Secure Policy Manager | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: F5
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BIG-IP F5 LBR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| F5 Access Policy Manager | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| F5 Advanced Firewall Manager | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| F5 Application Security Manager | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| F5 BIG-IP | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1110 - Brute Force T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| F5 Distributed Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| F5 Silverline | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| F5 WebSafe | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: FTP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FTP | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Fastly
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Next-Gen Web Application Firewall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
Vendor: FireMon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FireMon | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Forcepoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forcepoint Next-Gen Firewall | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Websense Security Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Forescout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forescout CounterACT | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Fortinet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FortiAuthenticator | T1078 - Valid Accounts T1133 - External Remote Services |
|
| FortiClient | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| FortiGate | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| FortiNAC | T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| FortiSIEM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| FortiXDR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools TA0002 - TA0002 |
|
| Fortinet Enterprise Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Fortinet UTM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Fortiweb Web Application Firewall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: FreeBSD
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FreeBSD | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: Gamma
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Gamma | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: GitHub
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GitHub | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: GitLab
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GitLab | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: GoAnywhere
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GoAnywhere MFT | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1213 - Data from Information Repositories T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Google
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GCP CloudAudit | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Gemini Enterprise | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Google Cloud Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1046 - Network Service Scanning T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1213 - Data from Information Repositories T1535 - Unused/Unsupported Cloud Regions T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Google Workspace | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Security Command Center | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: HP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Aruba ClearPass Policy Manager | T1021 - Remote Services T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Aruba Mobility Master | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
| Aruba Wireless controller | T1021 - Remote Services T1078 - Valid Accounts T1133 - External Remote Services |
|
| ArubaOS | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| HP iLO | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| HPE 3PAR StoreServ | T1078 - Valid Accounts T1133 - External Remote Services |
|
| NonStop | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: HUMAN Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| HUMAN Bot Defender | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Halcyon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Halcyon | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: HelpSystems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Powertech Identity and Access Manager | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Hornet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Hornetsecurity Cloud Email Security Services | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Huawei
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Huawei Unified Security Gateway | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: IBM
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Guardium | T1213 - Data from Information Repositories |
|
| IBM | T1078 - Valid Accounts T1133 - External Remote Services |
|
| IBM Datapower | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| IBM Mainframe | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| QRadar SIEM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Security Access Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Sterling B2B Integrator | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: IMSS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IMSS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Imperva
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Attack Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Imperva Incapsula | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Imperva SecureSphere | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories |
|
Vendor: Imprivata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Imprivata | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Infoblox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BloxOne DDI | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Infoblox NetMRI | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Informatica
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Informatica Cloud | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Int64 Software
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OVERLAPS | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Ipswitch
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| MoveIt Transfer | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Ironscales
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ironscales | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Island
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Island Enterprise Browser | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Ivanti
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ivanti Pulse Secure | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Jamf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jamf Protect | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: Jumpcloud
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jumpcloud | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Juniper Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Juniper SRX Series | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Junos OS | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: Kasada
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kasada | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Kaspersky
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kaspersky Endpoint Security for Business | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Kemp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kemp LoadMaster | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: KnowBe4
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Security Awareness Training | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Kong
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kong Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: LanScope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LanScope Cat | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: LastPass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LastPass | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: LiquidFiles
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LiquidFiles | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: LogRhythm
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LogRhythm | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| NetMon | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
Vendor: Lookout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Lookout | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Malwarebytes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Malwarebytes Endpoint Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: ManageEngine
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ADAuditPlus | T1078 - Valid Accounts T1133 - External Remote Services |
|
| ADManager Plus | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| ADSSP | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| PAM360 | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: MariaDB
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| MariaDB | T1213 - Data from Information Repositories |
|
Vendor: McAfee
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| McAfee Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Menlo Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Menlo Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Microsoft
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Active Directory Federation Services | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Azure | T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1133 - External Remote Services |
|
| Azure AD Activity Logs | T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1133 - External Remote Services T1207 - Rogue Domain Controller T1213 - Data from Information Repositories T1558 - Steal or Forge Kerberos Tickets |
|
| Azure AD Sign-In Logs | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure ATP | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure Container Registry | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure DevOps | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Azure Event Hub | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure Key Vault | T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure Kubernetes Service | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Azure MFA | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Azure Monitor | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1078.004 - Valid Accounts: Cloud Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1187 - Forced Authentication T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1213 - Data from Information Repositories T1535 - Unused/Unsupported Cloud Regions T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Azure Monitor - VM Insights | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Copilot | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Event Viewer - ADFS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Event Viewer - ADWS | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Application | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Event Viewer - Applocker | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Event Viewer - AzureADPasswordProtection-DCAgent | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - AzureADPasswordProtection-ProxyService | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - BFE Resorce Flows | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - BITS-Client | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - CAPI2 | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - CodeIntegrity | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - DFS-Replication | T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1078 - Valid Accounts T1133 - External Remote Services T1207 - Rogue Domain Controller T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - DNSServer | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Directory-Service | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - File Replication Service | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - FileShareShadowCopyProvider | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Kerberos-Key-Distribution-Center | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Kernel-IO | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Kernel-PnP | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - KnownFolders | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - LSA | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Licensing-Platform | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - LiveId | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - NPS | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - NTLM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - NetworkProfile | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - OpenSSH | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - PowerShell | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Event Viewer - RemoteDesktopServices | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - SMB | T1078 - Valid Accounts T1133 - External Remote Services T1187 - Forced Authentication |
|
| Event Viewer - Security | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1003.006 - OS Credential Dumping: DCSync T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1078.004 - Valid Accounts: Cloud Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1187 - Forced Authentication T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1207 - Rogue Domain Controller T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Event Viewer - Setup | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - System | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Event Viewer - TaskScheduler | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - TerminalServices | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - TerminalServices-Gateway | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - TerminalServices-RemoteConnectionManager | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - WinNat | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
| Event Viewer - WinRM | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Event Viewer - Windows Firewall | T1078 - Valid Accounts T1133 - External Remote Services |
|
| M365 Audit Logs | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| MSSQL | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1213 - Data from Information Repositories T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Microsoft 365 | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Microsoft Advanced Threat Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Microsoft CAS | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Microsoft DHCP Log | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Microsoft Defender | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1003.006 - OS Credential Dumping: DCSync T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1207 - Rogue Domain Controller T1213 - Data from Information Repositories T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Microsoft Defender for Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Microsoft Entra | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Microsoft Exchange | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Microsoft IIS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Microsoft Intune | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Microsoft Network Policy Server | T1021 - Remote Services T1078 - Valid Accounts T1133 - External Remote Services |
|
| Microsoft RRAS | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
| Microsoft Sentinel | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Microsoft WMI Log | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| NetLogon | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Sysmon | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Windows | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Windows Defender Application Control | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Windows Device registration service | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Mimecast
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Code42 Incydr | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Mimecast Secure Email Gateway | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Mimecast Targeted Threat Protection - URL | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Monday.com
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Monday.com | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Mvision
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Mvision | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Mysql
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Mysql | T1213 - Data from Information Repositories |
|
Vendor: Nasuni
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nasuni | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services |
|
Vendor: NetApp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetApp | T1083 - File and Directory Discovery |
|
| NetApp Ontap | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: NetMotion Wireless
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetMotion Wireless | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Netskope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netskope CASB | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Netskope Security Cloud | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Netskope Webtx | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Netwrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netwrix Auditor | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: NextDLP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Reveal | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Nozomi Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nozomi Networks Guardian | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: OSSEC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OSSEC | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Obsidian Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SaaS Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Okta
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Okta Adaptive MFA | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Onapsis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Onapsis | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: OneLogin
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneLogin | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: OneSpan
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digipass for Apps | T1021 - Remote Services T1078 - Valid Accounts |
|
Vendor: OneWelcome
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneWelcome Cloud Identity Platform | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Open Shift
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenShift | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Open VPN
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Open VPN | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
Vendor: OpenAI
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ChatGPT | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: OpenDJ
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenDJ | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: OpenLDAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenLDAP | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Oracle
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Oracle Cloud Infrastructure | T1078 - Valid Accounts T1133 - External Remote Services T1213 - Data from Information Repositories |
|
| Oracle Database | T1078 - Valid Accounts T1213 - Data from Information Repositories |
|
| Oracle Public Cloud | T1046 - Network Service Scanning T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Solaris | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
Vendor: Ordr
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ordr SCE | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Osquery
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Osquery | T1078 - Valid Accounts T1133 - External Remote Services T1213 - Data from Information Repositories |
|
Vendor: PagerDuty
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PagerDuty | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Palo Alto Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cortex XDR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Cortex XSOAR | T1078 - Valid Accounts T1133 - External Remote Services |
|
| GlobalProtect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Palo Alto Aperture | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services |
|
| Palo Alto NGFW | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Palo Alto WildFire | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Prisma Access | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Prisma Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Password Manager Pro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Password Manager Pro | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Perforce
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Perforce | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Ping Identity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ForgeRock | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Ping Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Ping Identity | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| PingFederate | T1078 - Valid Accounts T1133 - External Remote Services |
|
| PingOne | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Portkey
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Portkey | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Portnox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Portnox Cloud | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: PostgreSQL
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PostgreSQL | T1213 - Data from Information Repositories |
|
Vendor: PowerSentry
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PowerSentry | T1078 - Valid Accounts |
|
Vendor: Progress
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Progress ShareFile | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Proofpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ObserveIT | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Proofpoint CASB | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Proofpoint Enterprise Protection | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Qualys
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Qualys AssetView | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Quest Software
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Quest Change Auditor for Active Directory | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Quest Change Auditor for SQL Server | T1213 - Data from Information Repositories |
|
Vendor: RSA
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RSA Authentication Manager | T1078 - Valid Accounts T1133 - External Remote Services |
|
| SecurID | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Radware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Alteon | T1078 - Valid Accounts |
|
| Radware WAF | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Rapid7
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rapid7 InsightVM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: RedShield
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RedShield WAF | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
Vendor: Rubrik
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rubrik Cloud Data Management | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SAP | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SIGSCI
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SIGSCI | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Sailpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IdentityNow | T1078 - Valid Accounts T1133 - External Remote Services |
|
| SecurityIQ | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Salesforce
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Salesforce | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Sangfor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sangfor NGAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Saviynt
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Saviynt | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Secomea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secomea | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SecureAuth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureAuth IDP | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| SecureAuth Login | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SecureLink
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureLink | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SecureNet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureNet | T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services |
|
Vendor: Semperis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Semperis DSP | T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1207 - Rogue Domain Controller T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: SentinelOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Singularity Platform | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Vigilance | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: ServiceNow
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ServiceNow | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Shibboleth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Shibboleth | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Silverfort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Silverfort Authentication Platform | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: SiteMinder
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec SiteMinder | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: SkySea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SkySea ClientView | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1187 - Forced Authentication T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Skyformation
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Skyformation | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Skyhigh Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secure Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Skyhigh CASB | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Skyhigh Security Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Slack
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Slack | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: SmartSuite
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SmartSuite | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Snort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Snort | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Snowflake
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Snowflake | T1213 - Data from Information Repositories |
|
Vendor: Sophos
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sophos Endpoint Protection | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Sophos UTM | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Sophos XG Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Sophos XGS Firewall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Splunk
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Splunk ES | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Squid
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Squid | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: StealthBits
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| StealthIntercept | T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1207 - Rogue Domain Controller T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: SunOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SunOne | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Suricata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Suricata | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Swift
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swift | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Swimlane
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swimlane Turbine | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Swivel
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swivel | T1078 - Valid Accounts |
|
Vendor: Symantec
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec Advanced Threat Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Symantec CloudSOC | T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Symantec Content Analysis System | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Symantec DLP | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Symantec Email Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Symantec Endpoint Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Symantec VIP | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Symantec Web Security Service | T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Synology NAS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Synology NAS | T1187 - Forced Authentication |
|
Vendor: Sysdig
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sysdig Monitor | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools TA0002 - TA0002 |
|
Vendor: TXOne Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| StellarOne | T1078 - Valid Accounts T1133 - External Remote Services |
|
| StellarProtect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Tanium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tanium Cloud Platform | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Tanium Core Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Tanium Integrity Monitor | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1083 - File and Directory Discovery |
|
| Tanium Threat Response | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Tenable
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tenable Cloud Security | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Tenable Identity Exposure | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Tenable Vulnerability Management | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Tenable Web App Scanning | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Teradata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Teradata RDBMS | T1213 - Data from Information Repositories |
|
Vendor: ThoughtSpot
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ThoughtSpot | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Trellix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Trellix Central Management | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Trellix Database Security | T1213 - Data from Information Repositories |
|
| Trellix Email Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Trellix Endpoint Security | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Trellix Endpoint Security (HX) | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Trellix Helix | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Trellix Network Security (NX) | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1213 - Data from Information Repositories T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Trellix Network Security Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Trellix Web MPS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Trend Micro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apex One | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Deep Discovery Inspector | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Deep Security | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| OfficeScan | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| TippingPoint NGIPS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Trend Micro ScanMail | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
| Vision One | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Unix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auditbeat | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Unix | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Unix Auditd | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1021 - Remote Services T1040 - Network Sniffing T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Unix Named | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: VBCorp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| VBCorp | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: VMware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Carbon Black App Control | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Carbon Black CES | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| Carbon Black EDR | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1003.005 - T1003.005 T1016 - System Network Configuration Discovery T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1040 - Network Sniffing T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.011 - Signed Binary Proxy Execution: Rundll32 T1555 - Credentials from Password Stores TA0002 - TA0002 |
|
| VMware AirWatch | T1078 - Valid Accounts T1133 - External Remote Services |
|
| VMware ESXi | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| VMware Horizon | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| VMware NSX | T1078 - Valid Accounts T1133 - External Remote Services |
|
| VMware View | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| vCenter | T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Varonis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Varonis Data Security Platform | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Vectra
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vectra Cognito Detect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Veeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Veeam | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Venafi
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| TLS Protect | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Vormetric
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vormetric | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services |
|
Vendor: Wallix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wallix Bastion | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: Watchguard
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Watchguard | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Wiz
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wiz | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Workday
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Workday | T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Zeek
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zeek | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1187 - Forced Authentication T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Zero Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zero Networks | T1078 - Valid Accounts T1133 - External Remote Services |
|
Vendor: ZeroFox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ZeroFox Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Zimperium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zimperium MTD | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application |
|
Vendor: Zscaler
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zscaler Breach Predictor | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Zscaler Deception | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
| Zscaler Internet Access | T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Zscaler Private Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Zyxel Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zyxel USG FLEX | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application |
|
Vendor:
Vendor: iBoss
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Iboss Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|