UDV Group
UDV NTA · network traffic analysis

matrix coverage
MITRE ATT&CK Enterprise

Techniques and sub-techniques that UDV NTA detects in network traffic: by signatures, by behavioral analysis rules, and by machine learning models.

16.1%
90 of 558 techniques and sub-techniques
01
52 / 201
techniques covered out of the matrix
02
69
signature-based
03
21
behavioral analysis and ML
04
19
techniques with partial coverage
01

how to read the matrix

signature-based
covered by signatures
the technique is detected by signature-analysis rules for network traffic
behavior + ML
covered by non-signature methods
behavioral rules and machine learning models
partial
some sub-techniques covered
not the whole technique is detected, only individual sub-techniques
not covered
out of visibility
the technique has no stable network indicators
02

tactics, techniques and sub-techniques

01
TA0043
Reconnaissance
10 techniques
T1595
3/3
Active Scanning
T1595.001 Scanning IP Blocks
T1595.002 Vulnerability Scanning
T1595.003 Wordlist Scanning
T1592
0/4
Gather Victim Host Information
T1592.001 Hardware
T1592.002 Software
T1592.003 Firmware
T1592.004 Client Configurations
T1589
0/3
Gather Victim Identity Information
T1589.001 Credentials
T1589.002 Email Addresses
T1589.003 Employee Names
T1590
0/6
Gather Victim Network Information
T1590.001 Domain Properties
T1590.002 DNS
T1590.003 Network Trust Dependencies
T1590.004 Network Topology
T1590.005 IP Addresses
T1590.006 Network Security Appliances
T1591
0/4
Gather Victim Org Information
T1591.001 Determine Physical Locations
T1591.002 Business Relationships
T1591.003 Identify Business Tempo
T1591.004 Identify Roles
T1598
2/4
Phishing for Information
T1598.001 Spearphishing Service
T1598.002 Spearphishing Attachment
T1598.003 Spearphishing Link
T1598.004 Spearphishing Voice
T1597
0/2
Search Closed Sources
T1597.001 Threat Intel Vendors
T1597.002 Purchase Technical Data
T1596
0/5
Search Open Technical Databases
T1596.001 DNS/Passive DNS
T1596.002 WHOIS
T1596.003 Digital Certificates
T1596.004 CDNs
T1596.005 Scan Databases
T1593
0/3
Search Open Websites/Domains
T1593.001 Social Media
T1593.002 Search Engines
T1593.003 Code Repositories
T1594
Search Victim-Owned Websites
02
TA0042
Resource Development
8 techniques
T1650
Acquire Access
T1583
0/8
Acquire Infrastructure
T1583.001 Domains
T1583.002 DNS Server
T1583.003 Virtual Private Server
T1583.004 Server
T1583.005 Botnet
T1583.006 Web Services
T1583.007 Serverless
T1583.008 Malvertising
T1586
0/3
Compromise Accounts
T1586.001 Social Media Accounts
T1586.002 Email Accounts
T1586.003 Cloud Accounts
T1584
0/8
Compromise Infrastructure
T1584.001 Domains
T1584.002 DNS Server
T1584.003 Virtual Private Server
T1584.004 Server
T1584.005 Botnet
T1584.006 Web Services
T1584.007 Serverless
T1584.008 Network Devices
T1587
0/4
Develop Capabilities
T1587.001 Malware
T1587.002 Code Signing Certificates
T1587.003 Digital Certificates
T1587.004 Exploits
T1585
0/3
Establish Accounts
T1585.001 Social Media Accounts
T1585.002 Email Accounts
T1585.003 Cloud Accounts
T1588
0/7
Obtain Capabilities
T1588.001 Malware
T1588.002 Tool
T1588.003 Code Signing Certificates
T1588.004 Digital Certificates
T1588.005 Exploits
T1588.006 Vulnerabilities
T1588.007 Artificial Intelligence
T1608
0/6
Stage Capabilities
T1608.001 Upload Malware
T1608.002 Upload Tool
T1608.003 Install Digital Certificate
T1608.004 Drive-by Target
T1608.005 Link Target
T1608.006 SEO Poisoning
03
TA0001
Initial Access
10 techniques
T1659
Content Injection
T1189
Drive-by Compromise
T1190
Exploit Public-Facing Application
T1133
External Remote Services
T1200
Hardware Additions
T1566
2/4
Phishing
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
T1566.003 Spearphishing via Service
T1566.004 Spearphishing Voice
T1091
Replication Through Removable Media
T1195
0/3
Supply Chain Compromise
T1195.001 Compromise Software Dependencies and Development Tools
T1195.002 Compromise Software Supply Chain
T1195.003 Compromise Hardware Supply Chain
T1199
Trusted Relationship
T1078
0/4
Valid Accounts
T1078.001 Default Accounts
T1078.002 Domain Accounts
T1078.003 Local Accounts
T1078.004 Cloud Accounts
04
TA0002
Execution
13 techniques
T1059
5/12
Command and Scripting Interpreter
T1059.001 PowerShell
T1059.002 AppleScript
T1059.003 Windows Command Shell
T1059.004 Unix Shell
T1059.005 Visual Basic
T1059.006 Python
T1059.007 JavaScript
T1059.008 Network Device CLI
T1059.009 Cloud API
T1059.010 AutoHotKey & AutoIT
T1059.011 Lua
T1059.012 Hypervisor CLI
T1609
Container Administration Command
T1610
Deploy Container
T1203
Exploitation for Client Execution
T1559
0/3
Inter-Process Communication
T1559.001 Component Object Model
T1559.002 Dynamic Data Exchange
T1559.003 XPC Services
T1106
Native API
T1053
1/5
Scheduled Task/Job
T1053.002 At
T1053.003 Cron
T1053.005 Scheduled Task
T1053.006 Systemd Timers
T1053.007 Container Orchestration Job
T1648
Serverless Execution
T1129
Shared Modules
T1072
Software Deployment Tools
T1569
1/2
System Services
T1569.001 Launchctl
T1569.002 Service Execution
T1204
2/3
User Execution
T1204.001 Malicious Link
T1204.002 Malicious File
T1204.003 Malicious Image
T1047
Windows Management Instrumentation
05
TA0003
Persistence
20 techniques
T1098
0/7
Account Manipulation
T1098.001 Additional Cloud Credentials
T1098.002 Additional Email Delegate Permissions
T1098.003 Additional Cloud Roles
T1098.004 SSH Authorized Keys
T1098.005 Device Registration
T1098.006 Additional Container Cluster Roles
T1098.007 Additional Local or Domain Groups
T1197
BITS Jobs
T1547
0/14
Boot or Logon Autostart Execution
T1547.001 Registry Run Keys / Startup Folder
T1547.002 Authentication Package
T1547.003 Time Providers
T1547.004 Winlogon Helper DLL
T1547.005 Security Support Provider
T1547.006 Kernel Modules and Extensions
T1547.007 Re-opened Applications
T1547.008 LSASS Driver
T1547.009 Shortcut Modification
T1547.010 Port Monitors
T1547.012 Print Processors
T1547.013 XDG Autostart Entries
T1547.014 Active Setup
T1547.015 Login Items
T1037
0/5
Boot or Logon Initialization Scripts
T1037.001 Logon Script (Windows)
T1037.002 Login Hook
T1037.003 Network Logon Script
T1037.004 RC Scripts
T1037.005 Startup Items
T1176
Browser Extensions
T1554
Compromise Host Software Binary
T1136
0/3
Create Account
T1136.001 Local Account
T1136.002 Domain Account
T1136.003 Cloud Account
T1543
0/5
Create or Modify System Process
T1543.001 Launch Agent
T1543.002 Systemd Service
T1543.003 Windows Service
T1543.004 Launch Daemon
T1543.005 Container Service
T1546
0/17
Event Triggered Execution
T1546.001 Change Default File Association
T1546.002 Screensaver
T1546.003 Windows Management Instrumentation Event Subscription
T1546.004 Unix Shell Configuration Modification
T1546.005 Trap
T1546.006 LC_LOAD_DYLIB Addition
T1546.007 Netsh Helper DLL
T1546.008 Accessibility Features
T1546.009 AppCert DLLs
T1546.010 AppInit DLLs
T1546.011 Application Shimming
T1546.012 Image File Execution Options Injection
T1546.013 PowerShell Profile
T1546.014 Emond
T1546.015 Component Object Model Hijacking
T1546.016 Installer Packages
T1546.017 Udev Rules
T1133
External Remote Services
T1574
0/13
Hijack Execution Flow
T1574.001 DLL Search Order Hijacking
T1574.002 DLL Side-Loading
T1574.004 Dylib Hijacking
T1574.005 Executable Installer File Permissions Weakness
T1574.006 Dynamic Linker Hijacking
T1574.007 Path Interception by PATH Environment Variable
T1574.008 Path Interception by Search Order Hijacking
T1574.009 Path Interception by Unquoted Path
T1574.010 Services File Permissions Weakness
T1574.011 Services Registry Permissions Weakness
T1574.012 COR_PROFILER
T1574.013 KernelCallbackTable
T1574.014 AppDomainManager
T1525
Implant Internal Image
T1556
0/9
Modify Authentication Process
T1556.001 Domain Controller Authentication
T1556.002 Password Filter DLL
T1556.003 Pluggable Authentication Modules
T1556.004 Network Device Authentication
T1556.005 Reversible Encryption
T1556.006 Multi-Factor Authentication
T1556.007 Hybrid Identity
T1556.008 Network Provider DLL
T1556.009 Conditional Access Policies
T1137
0/6
Office Application Startup
T1137.001 Office Template Macros
T1137.002 Office Test
T1137.003 Outlook Forms
T1137.004 Outlook Home Page
T1137.005 Outlook Rules
T1137.006 Add-ins
T1653
Power Settings
T1542
0/5
Pre-OS Boot
T1542.001 System Firmware
T1542.002 Component Firmware
T1542.003 Bootkit
T1542.004 ROMMONkit
T1542.005 TFTP Boot
T1053
Scheduled Task/Job
T1505
1/5
Server Software Component
T1505.001 SQL Stored Procedures
T1505.002 Transport Agent
T1505.003 Web Shell
T1505.004 IIS Components
T1505.005 Terminal Services DLL
T1205
0/2
Traffic Signaling
T1205.001 Port Knocking
T1205.002 Socket Filters
T1078
Valid Accounts
06
TA0004
Privilege Escalation
13 techniques
T1548
0/6
Abuse Elevation Control Mechanism
T1548.001 Setuid and Setgid
T1548.002 Bypass User Account Control
T1548.003 Sudo and Sudo Caching
T1548.004 Elevated Execution with Prompt
T1548.005 Temporary Elevated Cloud Access
T1548.006 TCC Manipulation
T1134
0/5
Access Token Manipulation
T1134.001 Token Impersonation/Theft
T1134.002 Create Process with Token
T1134.003 Make and Impersonate Token
T1134.004 Parent PID Spoofing
T1134.005 SID-History Injection
T1547
Boot or Logon Autostart Execution
T1037
Boot or Logon Initialization Scripts
T1543
Create or Modify System Process
T1484
0/2
Domain or Tenant Policy Modification
T1484.001 Group Policy Modification
T1484.002 Trust Modification
T1611
Escape to Host
T1546
Event Triggered Execution
T1068
Exploitation for Privilege Escalation
T1574
Hijack Execution Flow
T1055
0/12
Process Injection
T1055.001 Dynamic-link Library Injection
T1055.002 Portable Executable Injection
T1055.003 Thread Execution Hijacking
T1055.004 Asynchronous Procedure Call
T1055.005 Thread Local Storage
T1055.008 Ptrace System Calls
T1055.009 Proc Memory
T1055.011 Extra Window Memory Injection
T1055.012 Process Hollowing
T1055.013 Process Doppelgänging
T1055.014 VDSO Hijacking
T1055.015 ListPlanting
T1053
Scheduled Task/Job
T1078
Valid Accounts
07
TA0005
Defense Evasion
42 techniques
T1548
Abuse Elevation Control Mechanism
T1134
Access Token Manipulation
T1197
BITS Jobs
T1612
Build Image on Host
T1622
Debugger Evasion
T1140
Deobfuscate/Decode Files or Information
T1610
Deploy Container
T1006
Direct Volume Access
T1484
Domain or Tenant Policy Modification
T1480
0/1
Execution Guardrails
T1480.001 Environmental Keying
T1211
Exploitation for Defense Evasion
T1222
0/2
File and Directory Permissions Modification
T1222.001 Windows File and Directory Permissions Modification
T1222.002 Linux and Mac File and Directory Permissions Modification
T1564
0/12
Hide Artifacts
T1564.001 Hidden Files and Directories
T1564.002 Hidden Users
T1564.003 Hidden Window
T1564.004 NTFS File Attributes
T1564.005 Hidden File System
T1564.006 Run Virtual Instance
T1564.007 VBA Stomping
T1564.008 Email Hiding Rules
T1564.009 Resource Forking
T1564.010 Process Argument Spoofing
T1564.011 Ignore Process Interrupts
T1564.012 File/Path Exclusions
T1574
Hijack Execution Flow
T1562
0/11
Impair Defenses
T1562.001 Disable or Modify Tools
T1562.002 Disable Windows Event Logging
T1562.003 Impair Command History Logging
T1562.004 Disable or Modify System Firewall
T1562.006 Indicator Blocking
T1562.007 Disable or Modify Cloud Firewall
T1562.008 Disable or Modify Cloud Logs
T1562.009 Safe Mode Boot
T1562.010 Downgrade Attack
T1562.011 Spoof Security Alerting
T1562.012 Disable or Modify Linux Audit System
T1656
Impersonation
T1070
0/9
Indicator Removal
T1070.001 Clear Windows Event Logs
T1070.002 Clear Linux or Mac System Logs
T1070.003 Clear Command History
T1070.004 File Deletion
T1070.005 Network Share Connection Removal
T1070.006 Timestomp
T1070.007 Clear Network Connection History and Configurations
T1070.008 Clear Mailbox Data
T1070.009 Clear Persistence
T1202
Indirect Command Execution
T1036
0/10
Masquerading
T1036.001 Invalid Code Signature
T1036.002 Right-to-Left Override
T1036.003 Rename System Utilities
T1036.004 Masquerade Task or Service
T1036.005 Match Legitimate Name or Location
T1036.006 Space after Filename
T1036.007 Double File Extension
T1036.008 Masquerade File Type
T1036.009 Break Process Trees
T1036.010 Masquerade Account Name
T1556
Modify Authentication Process
T1578
0/5
Modify Cloud Compute Infrastructure
T1578.001 Create Snapshot
T1578.002 Create Cloud Instance
T1578.003 Delete Cloud Instance
T1578.004 Revert Cloud Instance
T1578.005 Modify Cloud Compute Configurations
T1112
Modify Registry
T1601
0/2
Modify System Image
T1601.001 Patch System Image
T1601.002 Downgrade System Image
T1599
0/1
Network Boundary Bridging
T1599.001 Network Address Translation Traversal
T1027
3/15
Obfuscated Files or Information
T1027.001 Binary Padding
T1027.002 Software Packing
T1027.003 Steganography
T1027.004 Compile After Delivery
T1027.005 Indicator Removal from Tools
T1027.006 HTML Smuggling
T1027.007 Dynamic API Resolution
T1027.008 Stripped Payloads
T1027.009 Embedded Payloads
T1027.010 Command Obfuscation
T1027.011 Fileless Storage
T1027.012 LNK Icon Smuggling
T1027.013 Encrypted/Encoded File
T1027.014 Polymorphic Code
T1027.015 Compression
T1647
Plist File Modification
T1055
Process Injection
T1620
Reflective Code Loading
T1207
Rogue Domain Controller
T1014
Rootkit
T1553
0/6
Subvert Trust Controls
T1553.001 Gatekeeper Bypass
T1553.002 Code Signing
T1553.003 SIP and Trust Provider Hijacking
T1553.004 Install Root Certificate
T1553.005 Mark-of-the-Web Bypass
T1553.006 Code Signing Policy Modification
T1218
0/14
System Binary Proxy Execution
T1218.001 Compiled HTML File
T1218.002 Control Panel
T1218.003 CMSTP
T1218.004 InstallUtil
T1218.005 Mshta
T1218.007 Msiexec
T1218.008 Odbcconf
T1218.009 Regsvcs/Regasm
T1218.010 Regsvr32
T1218.011 Rundll32
T1218.012 Verclsid
T1218.013 Mavinject
T1218.014 MMC
T1218.015 Electron Applications
T1216
0/2
System Script Proxy Execution
T1216.001 PubPrn
T1216.002 SyncAppvPublishingServer
T1221
Template Injection
T1205
Traffic Signaling
T1127
0/2
Trusted Developer Utilities Proxy Execution
T1127.001 MSBuild
T1127.002 ClickOnce
T1535
Unused/Unsupported Cloud Regions
T1550
0/4
Use Alternate Authentication Material
T1550.001 Application Access Token
T1550.002 Pass the Hash
T1550.003 Pass the Ticket
T1550.004 Web Session Cookie
T1078
Valid Accounts
T1497
0/3
Virtualization/Sandbox Evasion
T1497.001 System Checks
T1497.002 User Activity Based Checks
T1497.003 Time Based Evasion
T1600
0/2
Weaken Encryption
T1600.001 Reduce Key Space
T1600.002 Disable Crypto Hardware
T1220
XSL Script Processing
08
TA0006
Credential Access
17 techniques
T1557
1/4
Adversary-in-the-Middle
T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
T1557.002 ARP Cache Poisoning
T1557.003 DHCP Spoofing
T1557.004 Evil Twin
T1110
3/4
Brute Force
T1110.001 Password Guessing
T1110.002 Password Cracking
T1110.003 Password Spraying
T1110.004 Credential Stuffing
T1555
0/6
Credentials from Password Stores
T1555.001 Keychain
T1555.002 Securityd Memory
T1555.003 Credentials from Web Browsers
T1555.004 Windows Credential Manager
T1555.005 Password Managers
T1555.006 Cloud Secrets Management Stores
T1212
Exploitation for Credential Access
T1187
Forced Authentication
T1606
0/2
Forge Web Credentials
T1606.001 Web Cookies
T1606.002 SAML Tokens
T1056
0/4
Input Capture
T1056.001 Keylogging
T1056.002 GUI Input Capture
T1056.003 Web Portal Capture
T1056.004 Credential API Hooking
T1556
Modify Authentication Process
T1111
Multi-Factor Authentication Interception
T1621
Multi-Factor Authentication Request Generation
T1040
Network Sniffing
T1003
4/8
OS Credential Dumping
T1003.001 LSASS Memory
T1003.002 Security Account Manager
T1003.003 NTDS
T1003.004 LSA Secrets
T1003.005 Cached Domain Credentials
T1003.006 DCSync
T1003.007 Proc Filesystem
T1003.008 /etc/passwd and /etc/shadow
T1528
Steal Application Access Token
T1649
Steal or Forge Authentication Certificates
T1558
1/5
Steal or Forge Kerberos Tickets
T1558.001 Golden Ticket
T1558.002 Silver Ticket
T1558.003 Kerberoasting
T1558.004 AS-REP Roasting
T1558.005 Ccache Files
T1539
Steal Web Session Cookie
T1552
0/8
Unsecured Credentials
T1552.001 Credentials In Files
T1552.002 Credentials in Registry
T1552.003 Bash History
T1552.004 Private Keys
T1552.005 Cloud Instance Metadata API
T1552.006 Group Policy Preferences
T1552.007 Container API
T1552.008 Chat Messages
09
TA0007
Discovery
32 techniques
T1087
0/4
Account Discovery
T1087.001 Local Account
T1087.002 Domain Account
T1087.003 Email Account
T1087.004 Cloud Account
T1010
Application Window Discovery
T1217
Browser Information Discovery
T1580
Cloud Infrastructure Discovery
T1538
Cloud Service Dashboard
T1526
Cloud Service Discovery
T1619
Cloud Storage Object Discovery
T1613
Container and Resource Discovery
T1622
Debugger Evasion
T1652
Device Driver Discovery
T1482
Domain Trust Discovery
T1083
File and Directory Discovery
T1615
Group Policy Discovery
T1654
Log Enumeration
T1046
Network Service Discovery
T1135
Network Share Discovery
T1040
Network Sniffing
T1201
Password Policy Discovery
T1120
Peripheral Device Discovery
T1069
0/3
Permission Groups Discovery
T1069.001 Local Groups
T1069.002 Domain Groups
T1069.003 Cloud Groups
T1057
Process Discovery
T1012
Query Registry
T1018
Remote System Discovery
T1518
0/1
Software Discovery
T1518.001 Security Software Discovery
T1082
System Information Discovery
T1614
0/1
System Location Discovery
T1614.001 System Language Discovery
T1016
0/2
System Network Configuration Discovery
T1016.001 Internet Connection Discovery
T1016.002 Wi-Fi Discovery
T1049
System Network Connections Discovery
T1033
System Owner/User Discovery
T1007
System Service Discovery
T1124
System Time Discovery
T1497
Virtualization/Sandbox Evasion
10
TA0008
Lateral Movement
9 techniques
T1210
Exploitation of Remote Services
T1534
Internal Spearphishing
T1570
Lateral Tool Transfer
T1563
0/2
Remote Service Session Hijacking
T1563.001 SSH Hijacking
T1563.002 RDP Hijacking
T1021
5/8
Remote Services
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares
T1021.003 Distributed Component Object Model
T1021.004 SSH
T1021.005 VNC
T1021.006 Windows Remote Management
T1021.007 Cloud Services
T1021.008 Direct Cloud VM Connections
T1091
Replication Through Removable Media
T1072
Software Deployment Tools
T1080
Taint Shared Content
T1550
Use Alternate Authentication Material
11
TA0009
Collection
17 techniques
T1557
Adversary-in-the-Middle
T1560
0/3
Archive Collected Data
T1560.001 Archive via Utility
T1560.002 Archive via Library
T1560.003 Archive via Custom Method
T1123
Audio Capture
T1119
Automated Collection
T1185
Browser Session Hijacking
T1115
Clipboard Data
T1530
Data from Cloud Storage
T1602
0/2
Data from Configuration Repository
T1602.001 SNMP (MIB Dump)
T1602.002 Network Device Configuration Dump
T1213
0/5
Data from Information Repositories
T1213.001 Confluence
T1213.002 SharePoint
T1213.003 Code Repositories
T1213.004 Customer Relationship Management Software
T1213.005 Messaging Applications
T1005
Data from Local System
T1039
Data from Network Shared Drive
T1025
Data from Removable Media
T1074
0/2
Data Staged
T1074.001 Local Data Staging
T1074.002 Remote Data Staging
T1114
0/3
Email Collection
T1114.001 Local Email Collection
T1114.002 Remote Email Collection
T1114.003 Email Forwarding Rule
T1056
Input Capture
T1113
Screen Capture
T1125
Video Capture
12
TA0011
Command and Control
18 techniques
T1071
4/5
Application Layer Protocol
T1071.001 Web Protocols
T1071.002 File Transfer Protocols
T1071.003 Mail Protocols
T1071.004 DNS
T1071.005 Publish/Subscribe Protocols
T1092
Communication Through Removable Media
T1659
Content Injection
T1132
2/2
Data Encoding
T1132.001 Standard Encoding
T1132.002 Non-Standard Encoding
T1001
2/3
Data Obfuscation
T1001.001 Junk Data
T1001.002 Steganography
T1001.003 Protocol or Service Impersonation
T1568
2/3
Dynamic Resolution
T1568.001 Fast Flux DNS
T1568.002 Domain Generation Algorithms
T1568.003 DNS Calculation
T1573
2/2
Encrypted Channel
T1573.001 Symmetric Cryptography
T1573.002 Asymmetric Cryptography
T1008
Fallback Channels
T1665
Hide Infrastructure
T1105
Ingress Tool Transfer
T1104
Multi-Stage Channels
T1095
Non-Application Layer Protocol
T1571
Non-Standard Port
T1572
Protocol Tunneling
T1090
4/4
Proxy
T1090.001 Internal Proxy
T1090.002 External Proxy
T1090.003 Multi-hop Proxy
T1090.004 Domain Fronting
T1219
Remote Access Software
T1205
Traffic Signaling
T1102
3/3
Web Service
T1102.001 Dead Drop Resolver
T1102.002 Bidirectional Communication
T1102.003 One-Way Communication
13
TA0010
Exfiltration
9 techniques
T1020
0/1
Automated Exfiltration
T1020.001 Traffic Duplication
T1030
Data Transfer Size Limits
T1048
1/3
Exfiltration Over Alternative Protocol
T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
T1041
Exfiltration Over C2 Channel
T1011
0/1
Exfiltration Over Other Network Medium
T1011.001 Exfiltration Over Bluetooth
T1052
0/1
Exfiltration Over Physical Medium
T1052.001 Exfiltration over USB
T1567
3/4
Exfiltration Over Web Service
T1567.001 Exfiltration to Code Repository
T1567.002 Exfiltration to Cloud Storage
T1567.003 Exfiltration to Text Storage Sites
T1567.004 Exfiltration Over Webhook
T1029
Scheduled Transfer
T1537
Transfer Data to Cloud Account
14
TA0040
Impact
14 techniques
T1531
Account Access Removal
T1485
Data Destruction
T1486
Data Encrypted for Impact
T1565
0/3
Data Manipulation
T1565.001 Stored Data Manipulation
T1565.002 Transmitted Data Manipulation
T1565.003 Runtime Data Manipulation
T1491
0/2
Defacement
T1491.001 Internal Defacement
T1491.002 External Defacement
T1561
0/2
Disk Wipe
T1561.001 Disk Content Wipe
T1561.002 Disk Structure Wipe
T1499
4/4
Endpoint Denial of Service
T1499.001 OS Exhaustion Flood
T1499.002 Service Exhaustion Flood
T1499.003 Application Exhaustion Flood
T1499.004 Application or System Exploitation
T1657
Financial Theft
T1495
Firmware Corruption
T1490
Inhibit System Recovery
T1498
2/2
Network Denial of Service
T1498.001 Direct Network Flood
T1498.002 Reflection Amplification
T1496
1/4
Resource Hijacking
T1496.001 Compute Hijacking
T1496.002 Bandwidth Hijacking
T1496.003 SMS Pumping
T1496.004 Cloud Service Hijacking
T1489
Service Stop
T1529
System Shutdown/Reboot