Use Case: Lateral Movement
May 13, 2026 · View on GitHub
Use Case: Lateral Movement
Vendor: 1password
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| 1password | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: AIM Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AI Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: APC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| APC | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Absolute
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Absolute DDS | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Accellion
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kiteworks | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Adobe
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Adobe Experience Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Airlock
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Airlock Allowlisting | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Akamai
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Akamai Guardicore | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Akamai SIEM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Cloud Akamai | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Amazon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AWS Bastion | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| AWS CloudTrail | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| AWS CloudWatch | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| AWS Elastic Load Balancer | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| AWS GuardDuty | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| AWS Network Firewall | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| AWS WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Amazon EKS | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Amazon Inspector | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Amazon S3 | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| VPC Flow Logs | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Apache
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apache | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Apache Guacamole | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Apple
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| macOS | T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Arbor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Arbor Cloud | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Arctic Wolf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance Protect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Atlassian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Atlassian | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Atlassian Guard | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Attivo
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BOTsink | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Auth0
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auth0 | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Avaya
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Avaya Ethernet Routing Switch | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Barracuda
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Barracuda Cloudgen Firewall | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Barracuda WAF | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: BeyondTrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BeyondInsight | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| BeyondTrust | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| BeyondTrust Remote Support | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| BeyondTrust Secure Remote Access | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Bitdefender
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GravityZone | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Bitglass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Bitglass CASB | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: BlackBerry
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BlackBerry Protect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Box
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Box Cloud Content Management | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Box Shield | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: CA Technologies
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CA Privileged Access Manager Server Control | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: CDS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CDS | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Canon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| imageRUNNER ADVANCE | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: CatoNetworks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cato Cloud | T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Check Point
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Check Point Anti-Malware | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Check Point Avanan | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Check Point Endpoint Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Check Point Identity Awareness | T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Check Point NGFW | T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Check Point Security Gateway | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Check Point Threat Emulation | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Harmony SaaS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Checkmarx
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Checkmarx | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Cimcor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CimTrak | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Cisco
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cisco Adaptive Security Appliance | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Cisco Cloud Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Cisco Collaboration | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Cisco Cyber Vision | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Cisco Data Center | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Cisco IOS | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Cisco ISE | T1021 - Remote Services T1078 - Valid Accounts |
|
| Cisco Identity Intelligence | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Cisco Identity and Access Management | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Cisco Network Infrastructure and Management | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Cisco Network Monitoring and Analytics | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Cisco Network Security | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Cisco Remote Access Security | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Cisco Secure Endpoint | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Cisco Secure Firewall Management Center | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Cisco Web Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Duo Access | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Citrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Citrix Gateway | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Citrix Secure Private Access | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Citrix Security Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Citrix Virtual Apps | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Citrix Web App Firewall | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Claroty
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CTD | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Claroty | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Click Studios
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Passwordstate | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Cloudflare
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cloudflare Insights | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Cloudflare WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Cohesity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cohesity DataPlatform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Commvault
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Commvault | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Commvault ThreatWise | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Corelight
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Corelight IDS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: CrowdStrike
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Falcon | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Identity Threat Detection & Response | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: CyberArk
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CyberArk Privilege Access Manager | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Cybereason
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cybereason | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Cylance
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance OPTICS | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Cynet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cynet EDR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Darktrace
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Darktrace | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Delinea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Centrify Authentication Service | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Centrify Infrastructure Services | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Centrify Zero Trust Privilege Services | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services |
|
| Secret Server | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Dell
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PowerProtect | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| PowerProtect Data Manager | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| PowerStore | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Sonicwall | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Digital Arts
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Arts i-FILTER for Business | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Digital Guardian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Guardian Endpoint Protection | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Digital Guardian Network DLP | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Dropbox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Dropbox | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Dtex Systems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| DTEX InTERCEPT | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: ESET
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ESET Endpoint Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Egnyte
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Egnyte | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Entrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Entrust Identity Enterprise | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Epic
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Epic SIEM | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Ermes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ermes Browser Security Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Exabeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Correlation Rule | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Search | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Extrahop
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Extrahop Reveal(x) | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Extreme Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| EXOS | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Platform ONE | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Universal ZTNA | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Zebra WLAN Management | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: F-Secure
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| F-Secure Client Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: F5
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| F5 Access Policy Manager | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 Advanced Firewall Manager | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 Advanced Web Application Firewall | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 Application Security Manager | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 BIG-IP | T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 Distributed Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| F5 Silverline | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| F5 WebSafe | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| NGINX | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: FTP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FTP | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: FireMon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FireMon | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Forcepoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forcepoint Next-Gen Firewall | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Websense Security Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Forescout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forescout CounterACT | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Fortinet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FortiAuthenticator | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| FortiClient | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| FortiGate | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| FortiNAC | T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| FortiSIEM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Fortinet Enterprise Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Fortinet UTM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Fortinet VPN | T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Fortiweb Web Application Firewall | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: FreeBSD
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FreeBSD | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: Gamma
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Gamma | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: GitHub
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GitHub | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: GoAnywhere
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GoAnywhere MFT | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Google
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GCP CloudAudit | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Google Cloud Platform | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1046 - Network Service Scanning T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Google Workspace | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Security Command Center | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: HP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Aruba ClearPass Policy Manager | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Aruba Mobility Master | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Aruba Wireless controller | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services |
|
| ArubaOS | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| HP iLO | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: HUMAN Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| HUMAN Bot Defender | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: HelpSystems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Powertech Identity and Access Manager | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: Hornet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Hornetsecurity Cloud Email Security Services | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Huawei
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Huawei Enterprise Network Firewall | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Huawei Unified Security Gateway | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: IBM
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| HCL Notes | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| IBM | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| IBM Datapower | T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| IBM Mainframe | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Security Access Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: IMSS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IMSS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: IPTables
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IPTables FW | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Illumio
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Illumio Core | T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Imperva
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Imperva Incapsula | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Imperva SecureSphere | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Imprivata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Imprivata | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Infoblox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BloxOne DDI | T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Ipswitch
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| MoveIt Transfer | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Ironscales
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ironscales | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Island
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Island Enterprise Browser | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Ivanti
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ivanti Pulse Secure | T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Jamf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jamf Protect | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Jumpcloud
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jumpcloud | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Juniper Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Juniper SRX Series | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Junos OS | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: Kasada
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kasada | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Kaspersky
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kaspersky Endpoint Security for Business | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Kemp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kemp LoadMaster | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Kong
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kong Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: LanScope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LanScope Cat | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: LastPass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LastPass | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: LiquidFiles
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LiquidFiles | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: LogRhythm
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LogRhythm | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| NetMon | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Lookout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Lookout | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Malwarebytes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Malwarebytes Endpoint Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: ManageEngine
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ADManager Plus | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| ADSSP | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| PAM360 | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: McAfee
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| McAfee Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Menlo Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Menlo Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Microsoft
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Active Directory Federation Services | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Azure AD Activity Logs | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Azure AD Sign-In Logs | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Azure ATP | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Azure Container Registry | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Azure Event Hub | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Azure Firewall | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Azure Key Vault | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Azure MFA | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Azure Monitor | T1018 - Remote System Discovery T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Azure Monitor - VM Insights | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Azure Network Watcher | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Copilot | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Event Viewer - ADFS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Event Viewer - Application | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Event Viewer - Applocker | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Event Viewer - AzureADPasswordProtection-DCAgent | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Event Viewer - DNSServer | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Event Viewer - NPS | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Event Viewer - NTLM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
| Event Viewer - OpenSSH | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Event Viewer - PowerShell | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Event Viewer - SMB | T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Event Viewer - Security | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Event Viewer - System | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Event Viewer - TerminalServices-Gateway | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Event Viewer - TerminalServices-LocalSessionManager | T1210 - Exploitation of Remote Services |
|
| Event Viewer - TerminalServices-RemoteConnectionManager | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Event Viewer - WinNat | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| M365 Audit Logs | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| MSSQL | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Microsoft 365 | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Microsoft Advanced Threat Analytics | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Microsoft CAS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Microsoft DHCP Log | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Microsoft Defender | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Microsoft Defender for Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Microsoft Entra | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Microsoft Exchange | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Microsoft IIS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Microsoft Network Policy Server | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Microsoft RRAS | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Microsoft Sentinel | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Microsoft WMI Log | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| NetLogon | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Network Security Group Flow Logs | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Sysmon | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Windows Defender Application Control | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Mimecast
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Code42 Incydr | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Mimecast Secure Email Gateway | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Mimecast Targeted Threat Protection - URL | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: NetApp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetApp Ontap | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services |
|
Vendor: NetMotion Wireless
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetMotion Wireless | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Netskope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netskope Security Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Netskope Webtx | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Netwrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netwrix Auditor | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: NextDLP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Reveal | T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Nozomi Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nozomi Networks Guardian | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: OSSEC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OSSEC | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Obsidian Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SaaS Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Okta
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Okta Adaptive MFA | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Onapsis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Onapsis | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: OneLogin
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneLogin | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: OneSpan
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digipass for Apps | T1021 - Remote Services T1078 - Valid Accounts |
|
Vendor: OneWelcome
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneWelcome Cloud Identity Platform | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Open VPN
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Open VPN | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: OpenDJ
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenDJ | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: OpenLDAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenLDAP | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Oracle
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Oracle Database | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Oracle Public Cloud | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Solaris | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: Palo Alto Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cortex XDR | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Cortex XSOAR | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| GlobalProtect | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Palo Alto NGFW | T1018 - Remote System Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Palo Alto WildFire | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Prisma Access | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Prisma Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Password Manager Pro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Password Manager Pro | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Ping Identity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ForgeRock | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services |
|
| Ping Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Ping Identity | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| PingFederate | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| PingOne | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Portnox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Portnox Cloud | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Postfix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Postfix | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: PowerSentry
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PowerSentry | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Progress
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Progress ShareFile | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Proofpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ObserveIT | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Proofpoint CASB | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Qualys
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Qualys AssetView | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Quest Software
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Quest Change Auditor for Active Directory | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: RSA
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RSA Authentication Manager | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| SecurID | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Radware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Alteon | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Radware WAF | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Rapid7
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rapid7 InsightVM | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Rubrik
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rubrik Cloud Data Management | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SAP | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SIGSCI
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SIGSCI | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Sailpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IdentityNow | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Salesforce
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Salesforce | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Sangfor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sangfor NGAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Secomea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secomea | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SecurEnvoy
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecurEnvoy Multi-Factor Authentication | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SecureAuth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureAuth IDP | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| SecureAuth Login | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SecureLink
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureLink | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SecureNet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureNet | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Semperis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Semperis DSP | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SentinelOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Singularity Platform | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| Vigilance | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: ServiceNow
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ServiceNow | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Vendor: Shibboleth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Shibboleth | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Silverfort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Silverfort Authentication Platform | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SiteMinder
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec SiteMinder | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: SkySea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SkySea ClientView | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
Vendor: Skyformation
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Skyformation | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Skyhigh Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secure Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Skyhigh CASB | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Skyhigh Security Cloud | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: Snort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Snort | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Sophos
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sophos Endpoint Protection | T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Sophos UTM | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Sophos XG Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Sophos XGS Firewall | T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Squid
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Squid | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: SunOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SunOne | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Suricata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Suricata | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Swift
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swift | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Swimlane
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swimlane Turbine | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Swivel
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swivel | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Symantec
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec Advanced Threat Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Symantec CloudSOC | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Symantec Content Analysis System | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Symantec Email Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Symantec Endpoint Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Symantec VIP | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Symantec Web Security Service | T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Synology NAS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Synology NAS | T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares |
|
Vendor: TXOne Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| StellarProtect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Tanium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tanium Cloud Platform | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Tanium Core Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Tanium Threat Response | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Tenable
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tenable Cloud Security | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Tenable Identity Exposure | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Tenable Vulnerability Management | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Tenable Web App Scanning | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: ThoughtSpot
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ThoughtSpot | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: ThreatBlockr
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ThreatBlockr | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Trellix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Trellix Central Management | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Trellix Email Security | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Trellix Endpoint Security | T1018 - Remote System Discovery T1021 - Remote Services T1021.003 - T1021.003 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| Trellix Endpoint Security (HX) | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Trellix Network Security (NX) | T1018 - Remote System Discovery T1021 - Remote Services T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
| Trellix Web MPS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Trend Micro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apex One | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Deep Discovery Inspector | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
| Deep Security | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| OfficeScan | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| TippingPoint NGIPS | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Trend Micro ScanMail | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Vision One | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Unix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auditbeat | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Unix | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Unix Auditd | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| rsyslog | T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: VBCorp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| VBCorp | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: VMware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Carbon Black App Control | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 |
|
| Carbon Black CES | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Carbon Black EDR | T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
| VMware AirWatch | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services |
|
| VMware ESXi | T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| VMware Horizon | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| VMware NSX | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| VMware View | T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
| vCenter | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vendor: Varonis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Varonis Data Security Platform | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Vectra
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vectra Cognito Detect | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Veeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Veeam | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Watchguard
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Watchguard | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Wiz
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wiz | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Workday
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Workday | T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy |
|
Vendor: Zeek
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zeek | T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: ZeroFox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ZeroFox Protection | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Zimperium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zimperium MTD | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Vendor: Zscaler
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FW Zscaler Cloud | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Zscaler Breach Predictor | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
| Zscaler Internet Access | T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Zscaler Private Access | T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Zyxel Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zyxel USG FLEX | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor:
Vendor: iBoss
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Iboss Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Vendor: pfSense
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| pfSense | T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|