Use Case: Malware
June 15, 2026 · View on GitHub
Use Case: Malware
Vendor: 1password
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| 1password | T1078 - Valid Accounts |
|
Vendor: AIM Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AI Security | TA0002 - TA0002 |
|
Vendor: APC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| APC | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Abnormal Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Abnormal Security | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Absolute
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Absolute DDS | T1078 - Valid Accounts |
|
Vendor: Accellion
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kiteworks | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Admin By Request
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Admin By Request | TA0002 - TA0002 |
|
Vendor: Adobe
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Adobe Experience Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Airlock
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Airlock Allowlisting | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: Akamai
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Akamai Guardicore | T1078 - Valid Accounts TA0002 - TA0002 TA0011 - TA0011 |
|
| Akamai SIEM | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Cloud Akamai | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Amazon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AWS Bastion | T1210 - Exploitation of Remote Services |
|
| AWS CloudTrail | T1037 - Boot or Logon Initialization Scripts T1078 - Valid Accounts T1204 - User Execution T1204.002 - T1204.002 T1204.003 - T1204.003 TA0002 - TA0002 |
|
| AWS CloudWatch | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
| AWS Elastic Load Balancer | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| AWS GuardDuty | TA0002 - TA0002 |
|
| AWS Network Firewall | TA0002 - TA0002 TA0011 - TA0011 |
|
| AWS Simple Email Service | T1190 - Exploit Public Fasing Application |
|
| AWS WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Amazon EKS | T1078 - Valid Accounts |
|
| Amazon Inspector | TA0002 - TA0002 |
|
| Amazon Route 53 | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| Amazon S3 | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| VPC Flow Logs | TA0011 - TA0011 |
|
Vendor: Apache
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apache | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: AppSense
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AppSense Application Manager | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: Apple
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| macOS | T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Arbor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Arbor Cloud | TA0011 - TA0011 |
|
Vendor: Arctic Wolf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance Protect | TA0002 - TA0002 |
|
Vendor: Armorblox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Armorblox | T1190 - Exploit Public Fasing Application |
|
Vendor: AssetView
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| AssetView | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Atlassian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Atlassian | T1078 - Valid Accounts |
|
| Atlassian Guard | TA0002 - TA0002 |
|
Vendor: Attivo
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BOTsink | TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Auth0
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auth0 | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Barracuda
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Barracuda Cloudgen Firewall | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 TA0011 - TA0011 |
|
| Barracuda Email Security Gateway | T1190 - Exploit Public Fasing Application |
|
| Barracuda WAF | TA0011 - TA0011 |
|
Vendor: BeyondTrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BeyondInsight | T1078 - Valid Accounts TA0002 - TA0002 |
|
| BeyondTrust | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| BeyondTrust Remote Support | T1078 - Valid Accounts |
|
| BeyondTrust Secure Remote Access | T1078 - Valid Accounts TA0011 - TA0011 |
|
Vendor: Bitdefender
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GravityZone | TA0002 - TA0002 |
|
Vendor: Bitglass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Bitglass CASB | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: BlackBerry
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BlackBerry Protect | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: BlueCat Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BlueCat Networks | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
Vendor: Box
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Box Cloud Content Management | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Box Shield | TA0002 - TA0002 |
|
Vendor: CA Technologies
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CA Privileged Access Manager Server Control | T1078 - Valid Accounts |
|
Vendor: CDS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CDS | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Canon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| imageRUNNER ADVANCE | T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: CatoNetworks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cato Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Check Point
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Check Point Anti-Malware | TA0002 - TA0002 |
|
| Check Point Avanan | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Check Point Endpoint Security | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Check Point Identity Awareness | T1078 - Valid Accounts TA0002 - TA0002 TA0011 - TA0011 |
|
| Check Point NGFW | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Check Point Security Gateway | T1078 - Valid Accounts |
|
| Check Point Threat Emulation | TA0002 - TA0002 |
|
| Harmony Email & Collaboration | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Harmony SaaS | TA0002 - TA0002 |
|
| SmartDefense | TA0002 - TA0002 |
|
Vendor: Checkmarx
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Checkmarx | T1078 - Valid Accounts |
|
Vendor: Cimcor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CimTrak | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Cisco
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cisco | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cisco Adaptive Security Appliance | TA0011 - TA0011 |
|
| Cisco Cloud Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
| Cisco Collaboration | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Cisco Cyber Vision | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Cisco Data Center | T1078 - Valid Accounts |
|
| Cisco Email Security | T1190 - Exploit Public Fasing Application |
|
| Cisco IOS | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Cisco Identity Intelligence | TA0002 - TA0002 |
|
| Cisco Identity and Access Management | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Cisco Network Infrastructure and Management | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Cisco Network Monitoring and Analytics | TA0011 - TA0011 |
|
| Cisco Network Security | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
| Cisco Remote Access Security | T1078 - Valid Accounts |
|
| Cisco Secure Endpoint | TA0002 - TA0002 |
|
| Cisco Secure Firewall Management Center | T1078 - Valid Accounts TA0011 - TA0011 |
|
| Cisco Secure Network Analytics | TA0002 - TA0002 |
|
| Cisco Web Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Duo Access | T1078 - Valid Accounts |
|
Vendor: Citrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Citrix Gateway | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| Citrix Secure Private Access | TA0011 - TA0011 |
|
| Citrix Security Analytics | TA0002 - TA0002 |
|
| Citrix Virtual Apps | T1078 - Valid Accounts |
|
| Citrix Web App Firewall | TA0011 - TA0011 |
|
Vendor: Claroty
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CTD | T1210 - Exploitation of Remote Services TA0002 - TA0002 |
|
| Claroty | TA0002 - TA0002 |
|
Vendor: Click Studios
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Passwordstate | T1078 - Valid Accounts |
|
Vendor: Cloudflare
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cloudflare Insights | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cloudflare WAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Cohesity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cohesity DataPlatform | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Commvault
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Commvault | T1078 - Valid Accounts |
|
| Commvault ThreatWise | TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Corelight
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Corelight IDS | TA0002 - TA0002 |
|
Vendor: CrowdStrike
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Falcon | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1072 - Software Deployment Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Identity Threat Detection & Response | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: CyberArk
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CyberArk Privilege Access Manager | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Cybereason
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cybereason | TA0002 - TA0002 |
|
Vendor: Cyberhaven
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cyberhaven DLP | TA0002 - TA0002 |
|
Vendor: Cyera
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Omni DLP | TA0002 - TA0002 |
|
Vendor: Cylance
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cylance OPTICS | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
Vendor: Cynet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cynet EDR | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: Darktrace
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Darktrace | T1078 - Valid Accounts T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Delinea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Centrify Audit and Monitoring Service | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Centrify Authentication Service | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Centrify Infrastructure Services | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Centrify Zero Trust Privilege Services | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Delinea Platform | T1078 - Valid Accounts |
|
| Secret Server | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Dell
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| EMC Isilon | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| PowerProtect | T1078 - Valid Accounts |
|
| PowerProtect Data Manager | T1078 - Valid Accounts |
|
| PowerStore | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Sonicwall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Digital Arts
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Arts i-FILTER for Business | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Digital Guardian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Digital Guardian Endpoint Protection | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Digital Guardian Network DLP | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Dnsmasq
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Dnsmasq | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
Vendor: Dropbox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Dropbox | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Dtex Systems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| DTEX InTERCEPT | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: ESET
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ESET Endpoint Security | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Egnyte
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Egnyte | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Entrust
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Entrust Identity Enterprise | T1078 - Valid Accounts |
|
Vendor: Epic
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Epic SIEM | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Ermes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ermes Browser Security Platform | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Exabeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Correlation Rule | TA0002 - TA0002 |
|
| Phishing Detection | T1190 - Exploit Public Fasing Application |
|
| Search | TA0002 - TA0002 |
|
Vendor: Extrahop
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Extrahop Reveal(x) | T1071 - Application Layer Protocol T1078 - Valid Accounts T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 |
|
Vendor: Extreme Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| EXOS | T1078 - Valid Accounts |
|
| Platform ONE | T1078 - Valid Accounts |
|
| Universal ZTNA | T1078 - Valid Accounts |
|
| Zebra WLAN Management | T1210 - Exploitation of Remote Services |
|
Vendor: F-Secure
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| F-Secure Client Security | TA0002 - TA0002 |
|
Vendor: F5
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BIG-IP F5 LBR | TA0002 - TA0002 |
|
| F5 Access Policy Manager | T1078 - Valid Accounts T1210 - Exploitation of Remote Services TA0011 - TA0011 |
|
| F5 Advanced Firewall Manager | TA0002 - TA0002 TA0011 - TA0011 |
|
| F5 Advanced Web Application Firewall | TA0011 - TA0011 |
|
| F5 Application Security Manager | TA0002 - TA0002 TA0011 - TA0011 |
|
| F5 BIG-IP | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 TA0011 - TA0011 |
|
| F5 BIG-IP DNS | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| F5 Distributed Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| F5 Silverline | TA0002 - TA0002 TA0011 - TA0011 |
|
| F5 WebSafe | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| NGINX | TA0011 - TA0011 |
|
Vendor: FTP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FTP | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Fastly
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Next-Gen Web Application Firewall | TA0002 - TA0002 |
|
Vendor: FireMon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FireMon | T1078 - Valid Accounts |
|
Vendor: Forcepoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forcepoint DLP | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Forcepoint Email Security | T1190 - Exploit Public Fasing Application |
|
| Forcepoint Next-Gen Firewall | TA0011 - TA0011 |
|
| Websense Security Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Forescout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Forescout CounterACT | TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Fortinet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FortiAuthenticator | T1078 - Valid Accounts |
|
| FortiClient | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| FortiGate | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
| FortiNAC | T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| FortiSIEM | T1078 - Valid Accounts T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| FortiXDR | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
| Fortinet Enterprise Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
| Fortinet UTM | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Fortinet VPN | TA0011 - TA0011 |
|
| Fortiweb Web Application Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: FreeBSD
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FreeBSD | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: Gamma
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Gamma | TA0002 - TA0002 |
|
Vendor: GitHub
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GitHub | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: GoAnywhere
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GoAnywhere MFT | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Google
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| GCP CloudAudit | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Google Cloud Platform | T1037 - Boot or Logon Initialization Scripts T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1204.003 - T1204.003 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Google Workspace | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Security Command Center | TA0002 - TA0002 |
|
Vendor: HP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Aruba ClearPass Policy Manager | T1078 - Valid Accounts |
|
| Aruba Mobility Master | T1078 - Valid Accounts |
|
| Aruba Wireless controller | T1078 - Valid Accounts |
|
| ArubaOS | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| HP iLO | T1078 - Valid Accounts |
|
Vendor: HUMAN Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| HUMAN Bot Defender | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Halcyon
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Halcyon | TA0002 - TA0002 |
|
Vendor: HelpSystems
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Powertech Identity and Access Manager | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: Hornet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Hornetsecurity Cloud Email Security Services | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
Vendor: Huawei
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Huawei Enterprise Network Firewall | TA0011 - TA0011 |
|
| Huawei Unified Security Gateway | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: IBM
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Guardium | TA0002 - TA0002 |
|
| HCL Notes | TA0011 - TA0011 |
|
| IBM | T1078 - Valid Accounts |
|
| IBM Datapower | T1071 - Application Layer Protocol T1078 - Valid Accounts T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0011 - TA0011 |
|
| IBM Mainframe | T1078 - Valid Accounts |
|
| QRadar SIEM | TA0002 - TA0002 |
|
| Security Access Manager | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: IMSS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IMSS | TA0002 - TA0002 |
|
Vendor: IMSVA
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IMSVA | T1190 - Exploit Public Fasing Application |
|
Vendor: IPTables
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IPTables FW | TA0011 - TA0011 |
|
Vendor: Illumio
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Illumio Core | TA0011 - TA0011 |
|
Vendor: Imperva
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Attack Analytics | TA0002 - TA0002 |
|
| Imperva Incapsula | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Imperva SecureSphere | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Imprivata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Imprivata | T1078 - Valid Accounts |
|
Vendor: Infoblox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| BloxOne DDI | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Ipswitch
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| MoveIt Transfer | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Ironscales
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ironscales | T1078 - Valid Accounts T1190 - Exploit Public Fasing Application |
|
Vendor: Island
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Island Enterprise Browser | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Ivanti
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ivanti Pulse Secure | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Jamf
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jamf Protect | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Jumpcloud
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Jumpcloud | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Juniper Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Juniper SRX Series | T1078 - Valid Accounts TA0002 - TA0002 TA0011 - TA0011 |
|
| Junos OS | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: Kasada
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kasada | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Kaspersky
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kaspersky Endpoint Security for Business | TA0002 - TA0002 |
|
Vendor: Kemp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kemp LoadMaster | TA0002 - TA0002 |
|
Vendor: Kong
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Kong Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: LanScope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LanScope Cat | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: LastPass
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LastPass | T1078 - Valid Accounts |
|
Vendor: Libraesva
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Libraesva Email Security | T1190 - Exploit Public Fasing Application |
|
Vendor: LiquidFiles
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LiquidFiles | T1078 - Valid Accounts |
|
Vendor: LogRhythm
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| LogRhythm | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| NetMon | TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Lookout
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Lookout | TA0002 - TA0002 |
|
Vendor: Malwarebytes
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Malwarebytes Endpoint Protection | TA0002 - TA0002 |
|
Vendor: ManageEngine
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ADManager Plus | TA0002 - TA0002 |
|
| ADSSP | T1078 - Valid Accounts |
|
| PAM360 | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: McAfee
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| McAfee Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Menlo Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Menlo Security | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Microsoft
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Active Directory Federation Services | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Azure AD Activity Logs | T1071 - Application Layer Protocol T1078 - Valid Accounts T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| Azure AD Sign-In Logs | T1078 - Valid Accounts |
|
| Azure ATP | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 |
|
| Azure Container Registry | T1078 - Valid Accounts |
|
| Azure Event Hub | TA0002 - TA0002 |
|
| Azure Firewall | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0011 - TA0011 |
|
| Azure Key Vault | T1078 - Valid Accounts |
|
| Azure MFA | T1078 - Valid Accounts |
|
| Azure Monitor | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1204.003 - T1204.003 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
| Azure Monitor - VM Insights | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Azure Network Watcher | TA0011 - TA0011 |
|
| Copilot | TA0002 - TA0002 |
|
| Event Viewer - ADFS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Event Viewer - Application | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Event Viewer - Applocker | TA0002 - TA0002 |
|
| Event Viewer - AzureADPasswordProtection-DCAgent | T1072 - Software Deployment Tools T1078 - Valid Accounts T1546 - Event Triggered Execution T1546.003 - T1546.003 TA0002 - TA0002 |
|
| Event Viewer - CodeIntegrity | T1072 - Software Deployment Tools T1546 - Event Triggered Execution T1546.003 - T1546.003 TA0002 - TA0002 |
|
| Event Viewer - DNSClient | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| Event Viewer - DNSServer | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0011 - TA0011 |
|
| Event Viewer - NPS | T1078 - Valid Accounts |
|
| Event Viewer - NTLM | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Event Viewer - OpenSSH | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Event Viewer - PowerShell | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Event Viewer - SMB | T1078 - Valid Accounts T1569 - System Services T1569.002 - T1569.002 |
|
| Event Viewer - Security | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1072 - Software Deployment Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Event Viewer - System | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| Event Viewer - TaskScheduler | T1053 - Scheduled Task/Job T1053.005 - Scheduled Task/Job: Scheduled Task T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell TA0002 - TA0002 |
|
| Event Viewer - TerminalServices-Gateway | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Event Viewer - TerminalServices-RemoteConnectionManager | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Event Viewer - WinNat | T1078 - Valid Accounts |
|
| M365 Audit Logs | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| MSSQL | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Microsoft 365 | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| Microsoft Advanced Threat Analytics | TA0002 - TA0002 |
|
| Microsoft CAS | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Microsoft DHCP Log | TA0011 - TA0011 |
|
| Microsoft DNS Log | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| Microsoft Defender | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1072 - Software Deployment Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| Microsoft Defender for Cloud | TA0002 - TA0002 |
|
| Microsoft Defender for Endpoint | TA0002 - TA0002 |
|
| Microsoft Entra | TA0002 - TA0002 |
|
| Microsoft Exchange | T1078 - Valid Accounts T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Microsoft IIS | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Microsoft Network Policy Server | T1078 - Valid Accounts |
|
| Microsoft Purview | TA0002 - TA0002 |
|
| Microsoft RRAS | T1078 - Valid Accounts |
|
| Microsoft Sentinel | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Microsoft WMI Log | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| NetLogon | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| Network Security Group Flow Logs | TA0011 - TA0011 |
|
| Sysmon | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1072 - Software Deployment Tools T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Windows Defender Application Control | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: Mimecast
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Code42 Incydr | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1190 - Exploit Public Fasing Application T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Mimecast Secure Email Gateway | T1078 - Valid Accounts T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Mimecast Targeted Threat Protection - URL | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Mvision
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Mvision | TA0002 - TA0002 |
|
Vendor: Nasuni
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nasuni | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: NetApp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetApp | TA0002 - TA0002 |
|
| NetApp Ontap | T1078 - Valid Accounts |
|
Vendor: NetMotion Wireless
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| NetMotion Wireless | T1078 - Valid Accounts |
|
Vendor: Netskope
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netskope Security Cloud | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Netskope Webtx | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Netwrix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Netwrix Auditor | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: NextDLP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Reveal | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Nightfall
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nightfall AI | TA0002 - TA0002 |
|
Vendor: Nozomi Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Nozomi Networks Guardian | TA0002 - TA0002 |
|
Vendor: OSSEC
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OSSEC | TA0002 - TA0002 |
|
Vendor: Obsidian Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SaaS Security | TA0002 - TA0002 |
|
Vendor: Okta
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Okta Adaptive MFA | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Okta Workforce Identity Cloud | T1078 - Valid Accounts |
|
Vendor: Onapsis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Onapsis | TA0002 - TA0002 |
|
Vendor: OneLogin
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneLogin | T1078 - Valid Accounts |
|
Vendor: OneWelcome
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OneWelcome Cloud Identity Platform | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Open VPN
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Open VPN | T1078 - Valid Accounts |
|
Vendor: OpenAI
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ChatGPT | T1078 - Valid Accounts |
|
Vendor: OpenDJ
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenDJ | T1078 - Valid Accounts |
|
Vendor: OpenLDAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenLDAP | T1078 - Valid Accounts |
|
Vendor: Oracle
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Oracle Public Cloud | T1078 - Valid Accounts TA0011 - TA0011 |
|
| Solaris | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: Ordr
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Ordr AI Protect | TA0002 - TA0002 |
|
Vendor: Palo Alto Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Cortex XDR | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
| Cortex XSOAR | T1078 - Valid Accounts |
|
| GlobalProtect | T1078 - Valid Accounts TA0002 - TA0002 TA0011 - TA0011 |
|
| Palo Alto Aperture | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Palo Alto NGFW | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Palo Alto WildFire | TA0002 - TA0002 |
|
| Prisma Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Prisma Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Password Manager Pro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Password Manager Pro | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Ping Identity
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ForgeRock | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Ping Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Ping Identity | T1078 - Valid Accounts |
|
| PingFederate | T1078 - Valid Accounts |
|
| PingOne | T1078 - Valid Accounts |
|
Vendor: Portnox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Portnox Cloud | T1078 - Valid Accounts |
|
Vendor: Postfix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Postfix | T1190 - Exploit Public Fasing Application TA0011 - TA0011 |
|
Vendor: PowerDNS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| PowerDNS Recursor | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
Vendor: Progress
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Progress ShareFile | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Proofpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ObserveIT | TA0002 - TA0002 |
|
| Proofpoint CASB | TA0002 - TA0002 |
|
| Proofpoint Email Protection | T1190 - Exploit Public Fasing Application |
|
| Proofpoint Enterprise Protection | T1190 - Exploit Public Fasing Application |
|
| Targeted Attack Platform | T1190 - Exploit Public Fasing Application |
|
Vendor: Qualys
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Qualys AssetView | T1078 - Valid Accounts |
|
Vendor: RSA
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RSA Authentication Manager | T1078 - Valid Accounts |
|
| SecurID | T1078 - Valid Accounts |
|
Vendor: Radware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Radware WAF | TA0002 - TA0002 |
|
Vendor: Rapid7
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rapid7 InsightVM | TA0002 - TA0002 |
|
Vendor: RedShield
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RedShield WAF | TA0002 - TA0002 |
|
Vendor: Rubrik
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rubrik Cloud Data Management | T1078 - Valid Accounts |
|
Vendor: SAP
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SAP | T1078 - Valid Accounts |
|
Vendor: SIGSCI
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SIGSCI | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Sailpoint
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IdentityNow | T1078 - Valid Accounts |
|
Vendor: Salesforce
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Salesforce | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Sangfor
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sangfor NGAF | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Secomea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secomea | T1078 - Valid Accounts |
|
Vendor: SecureAuth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureAuth IDP | T1078 - Valid Accounts TA0002 - TA0002 |
|
| SecureAuth Login | T1078 - Valid Accounts |
|
Vendor: SecureLink
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureLink | T1078 - Valid Accounts |
|
Vendor: SecureNet
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureNet | T1078 - Valid Accounts |
|
Vendor: Semperis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Semperis DSP | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: SentinelOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Singularity Platform | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1072 - Software Deployment Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| Vigilance | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: ServiceNow
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ServiceNow | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1210 - Exploitation of Remote Services T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: Shibboleth
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Shibboleth | T1078 - Valid Accounts |
|
Vendor: Silverfort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Silverfort Authentication Platform | T1078 - Valid Accounts |
|
Vendor: SiteMinder
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec SiteMinder | T1078 - Valid Accounts |
|
Vendor: SkySea
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SkySea ClientView | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.001 - T1204.001 T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
Vendor: Skyformation
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Skyformation | T1078 - Valid Accounts |
|
Vendor: Skyhigh Security
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secure Web Gateway | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Skyhigh CASB | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Skyhigh Security Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Vendor: Snort
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Snort | TA0002 - TA0002 |
|
Vendor: Sophos
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sophos Endpoint Protection | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
| Sophos UTM | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
| Sophos XG Firewall | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
| Sophos XGS Firewall | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Splunk
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Splunk Stream | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
Vendor: Squid
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Squid | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: SunOne
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SunOne | T1078 - Valid Accounts |
|
Vendor: Suricata
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Suricata | TA0002 - TA0002 |
|
Vendor: Swift
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swift | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Swimlane
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swimlane Turbine | T1078 - Valid Accounts |
|
Vendor: Symantec
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec Advanced Threat Protection | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 TA0011 - TA0011 |
|
| Symantec CloudSOC | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Symantec Content Analysis System | TA0002 - TA0002 |
|
| Symantec DLP | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Symantec Email Security | T1190 - Exploit Public Fasing Application TA0002 - TA0002 |
|
| Symantec Endpoint Protection | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 TA0011 - TA0011 |
|
| Symantec VIP | T1078 - Valid Accounts |
|
| Symantec Web Security Service | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: Synology NAS
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Synology NAS | T1569 - System Services T1569.002 - T1569.002 |
|
Vendor: Sysdig
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sysdig Monitor | T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1190 - Exploit Public Fasing Application T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
Vendor: TXOne Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| StellarProtect | TA0002 - TA0002 |
|
Vendor: Tanium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tanium Cloud Platform | T1078 - Valid Accounts |
|
| Tanium Core Platform | TA0002 - TA0002 |
|
| Tanium Integrity Monitor | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
| Tanium Threat Response | TA0002 - TA0002 |
|
Vendor: Tenable
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tenable Cloud Security | T1078 - Valid Accounts |
|
| Tenable Identity Exposure | TA0002 - TA0002 |
|
| Tenable Vulnerability Management | TA0002 - TA0002 |
|
| Tenable Web App Scanning | TA0002 - TA0002 |
|
Vendor: Tessian
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tessian Cloud Email Security | T1190 - Exploit Public Fasing Application |
|
Vendor: ThoughtSpot
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ThoughtSpot | T1078 - Valid Accounts |
|
Vendor: ThreatBlockr
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ThreatBlockr | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Trellix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Trellix Central Management | TA0002 - TA0002 |
|
| Trellix DLP Endpoint | TA0002 - TA0002 |
|
| Trellix Database Security | TA0002 - TA0002 |
|
| Trellix Email Security | TA0002 - TA0002 |
|
| Trellix Endpoint Security | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interperter T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1190 - Exploit Public Fasing Application T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002 |
|
| Trellix Endpoint Security (HX) | TA0002 - TA0002 |
|
| Trellix Helix | TA0002 - TA0002 |
|
| Trellix Network Security (NX) | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
| Trellix Network Security Platform | TA0002 - TA0002 |
|
| Trellix Web MPS | TA0002 - TA0002 |
|
| Trellix ePolicy Orchestrator | TA0002 - TA0002 |
|
Vendor: Trend Micro
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Apex One | TA0002 - TA0002 |
|
| Deep Discovery Inspector | T1078 - Valid Accounts TA0002 - TA0002 |
|
| Deep Security | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1569.002 - T1569.002 T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| OfficeScan | TA0002 - TA0002 TA0011 - TA0011 |
|
| TippingPoint NGIPS | TA0002 - TA0002 |
|
| Trend Micro ScanMail | TA0002 - TA0002 |
|
| Vision One | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Tripwire Enterprise
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tripwire Enterprise | TA0002 - TA0002 |
|
Vendor: Unix
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auditbeat | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Unix | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1071 - Application Layer Protocol T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| Unix Auditd | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Unix Named | T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 |
|
| Unix Sendmail | T1190 - Exploit Public Fasing Application |
|
| rsyslog | TA0011 - TA0011 |
|
Vendor: VBCorp
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| VBCorp | TA0002 - TA0002 |
|
Vendor: VMware
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Carbon Black App Control | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 |
|
| Carbon Black CES | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0011 - TA0011 |
|
| Carbon Black EDR | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1012 - Query Registry T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1027 - Obfuscated Files or Information T1027.004 - Obfuscated Files or Information: Compile After Delivery T1036 - Masquerading T1036.004 - T1036.004 T1047 - Windows Management Instrumentation T1053 - Scheduled Task/Job T1053.003 - T1053.003 T1053.005 - Scheduled Task/Job: Scheduled Task T1055 - Process Injection T1055.001 - Process Injection: Dynamic-link Library Injection T1059 - Command and Scripting Interperter T1059.001 - Command and Scripting Interperter: PowerShell T1059.003 - T1059.003 T1059.005 - T1059.005 T1059.007 - T1059.007 T1072 - Software Deployment Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer T1112 - Modify Registry T1113 - Screen Capture T1123 - Audio Capture T1127 - Trusted Developer Utilities Proxy Execution T1127.001 - Trusted Developer Utilities Proxy Execution: MSBuild T1134 - Access Token Manipulation T1134.001 - Access Token Manipulation: Token Impersonation/Theft T1134.002 - T1134.002 T1135 - Network Share Discovery T1190 - Exploit Public Fasing Application T1197 - BITS Jobs T1202 - Indirect Command Execution T1203 - Exploitation for Client Execution T1204 - User Execution T1204.002 - T1204.002 T1210 - Exploitation of Remote Services T1218 - Signed Binary Proxy Execution T1218.001 - Signed Binary Proxy Execution: Compiled HTML File T1218.002 - Signed Binary Proxy Execution: Control Panel T1218.004 - Signed Binary Proxy Execution: InstallUtil T1218.005 - T1218.005 T1218.007 - Signed Binary Proxy Execution: Msiexec T1218.008 - T1218.008 T1218.010 - Signed Binary Proxy Execution: Regsvr32 T1218.011 - Signed Binary Proxy Execution: Rundll32 T1482 - Domain Trust Discovery T1490 - Inhibit System Recovery T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1546 - Event Triggered Execution T1546.001 - T1546.001 T1546.003 - T1546.003 T1546.011 - T1546.011 T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1547.002 - T1547.002 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1555 - Credentials from Password Stores T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1562 - Impair Defenses T1562.004 - Impair Defenses: Disable or Modify System Firewall T1563 - Remote Service Session Hijacking T1563.002 - T1563.002 T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1574 - Hijack Execution Flow T1574.002 - Hijack Execution Flow: DLL Side-Loading T1574.010 - T1574.010 T1574.011 - T1574.011 TA0002 - TA0002 TA0010 - TA0010 TA0011 - TA0011 |
|
| VMware AirWatch | T1078 - Valid Accounts |
|
| VMware ESXi | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
| VMware Horizon | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| VMware Identity Manager | TA0002 - TA0002 |
|
| VMware NSX | TA0011 - TA0011 |
|
| VMware View | T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
| vCenter | T1078 - Valid Accounts T1210 - Exploitation of Remote Services T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002 |
|
Vendor: Varonis
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Varonis Data Security Platform | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Vectra
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vectra Cognito Detect | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Veeam
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Veeam | TA0002 - TA0002 |
|
Vendor: Virtru
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Virtru | TA0002 - TA0002 |
|
Vendor: Vormetric
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vormetric | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002 |
|
Vendor: Watchguard
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Watchguard | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Wiz
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wiz | T1078 - Valid Accounts TA0002 - TA0002 |
|
Vendor: Workday
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Workday | T1078 - Valid Accounts |
|
Vendor: Zeek
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zeek | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1210 - Exploitation of Remote Services T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1569 - System Services T1569.002 - T1569.002 T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor: ZeroFox
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ZeroFox Protection | TA0002 - TA0002 |
|
Vendor: Zimperium
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zimperium MTD | TA0002 - TA0002 |
|
Vendor: Zscaler
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| FW Zscaler Cloud | TA0011 - TA0011 |
|
| Zscaler Breach Predictor | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Zscaler Deception | TA0002 - TA0002 |
|
| Zscaler Internet Access | T1003 - OS Credential Dumping T1003.002 - T1003.002 T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0002 - TA0002 TA0011 - TA0011 |
|
| Zscaler Private Access | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0011 - TA0011 |
|
Vendor: Zyxel Networks
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zyxel USG FLEX | TA0002 - TA0002 TA0011 - TA0011 |
|
Vendor:
Vendor: iBoss
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Iboss Cloud | T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Vendor: pfSense
| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| pfSense | TA0011 - TA0011 |
|