| A | B | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 3 | 9 | 0 | 2 | 2 | 15 | 6 | 21 | 0 | 11 | 23 | 6 | ||||||||
2 | Detections | Sequence of Events (SOE) Analysis | Protocol Analysis | Crisis Management | Site Walkthrough | Shodan Review | Security Information and Event Management (SIEM) Log Analysis | Firewall Log Review | Consequence-Driven Threat Hunting | Employee Interviews | User and Entity Behavior Analytics (UEBA) | Endpoint Analysis | Memory Analysis | Cyber Deception | ||||||
4 | Type | Card Name | ||||||||||||||||||
5 | C&C/Exfil | Screenshot Exfil | x | x | x | |||||||||||||||
6 | C&C/Exfil | Bridged System | x | x | ||||||||||||||||
7 | C&C/Exfil | Exfiltration Over Physical Medium | x | x | ||||||||||||||||
8 | C&C/Exfil | HTTP as Exfil | x | x | ||||||||||||||||
9 | C&C/Exfil | TCP Handshakes as Morse Code | x | x | x | |||||||||||||||
10 | C&C/Exfil | DNS as C2 | x | x | x | x | ||||||||||||||
11 | Initial Compromise | Vendor Portal | x | x | x | |||||||||||||||
12 | Initial Compromise | Dual-Homed Device | x | x | x | x | ||||||||||||||
13 | Initial Compromise | Infected Authorized Vendor Laptop | x | x | x | x | ||||||||||||||
14 | Initial Compromise | Data Historian Compromise | x | x | x | x | ||||||||||||||
15 | Initial Compromise | IT Compromised With Shared Domain Trust | x | x | x | |||||||||||||||
16 | Initial Compromise | Dirty USB | x | x | x | x | ||||||||||||||
17 | Initial Compromise | Insider Threat | x | x | ||||||||||||||||
18 | Initial Compromise | Exploitable API | x | x | x | x | ||||||||||||||
19 | Persist | Stolen Engineering Workstation (EWS) Account | x | x | x | |||||||||||||||
20 | Persist | Malicious Logon Scripts | x | x | x | x | x | |||||||||||||
21 | Persist | GPO Modification | x | x | x | x | ||||||||||||||
22 | Persist | Malicious Report Macros | x | x | x | x | ||||||||||||||
23 | Persist | HMI Graphics Manipulation | x | x | x | |||||||||||||||
24 | Persist | Malicious Firmware | x | x | x | x | ||||||||||||||
25 | Persist | Autorun Malware | x | x | x | |||||||||||||||
26 | Persist | New User Added | x | |||||||||||||||||
27 | Persist | Accessibility Features | x | |||||||||||||||||
28 | Pivot & Escalate | EWS Issues Rogue Commands | x | x | x | x | ||||||||||||||
29 | Pivot & Escalate | Modifying Read/Write Scripts | x | x | x | |||||||||||||||
30 | Pivot & Escalate | Internal Password Spray | x | x | x | x | ||||||||||||||
31 | Pivot & Escalate | Broadcast/Multicast Protocol Poisoning | x | x | x | x | ||||||||||||||
32 | Pivot & Escalate | New Service Creation/Modification | x | x | x | |||||||||||||||
33 | Pivot & Escalate | Local Privilege Escalation | x | x | x | |||||||||||||||
34 | Pivot & Escalate | GPO Push of Scheduled Tasks | x | x | x | |||||||||||||||
35 | Pivot & Escalate | Malicious Project Files | x | x | x | x | x |