Skip to content

Latest commit

 

History

History
23 lines (21 loc) · 7.66 KB

ds_unix_unix_dhcpd.md

File metadata and controls

23 lines (21 loc) · 7.66 KB

Vendor: Unix

Product: Unix dhcpd

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
45 18 7 4 11
Use-Case Activity Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access account-password-change
unix-dhcpd-str-dhcp-discoverdhcpd
unix-dhcpd-str-dhcp-discover-nofreeleases
unix-dhcpd-csv-dns-record-delete-fail-notdeleted
unix-dhcpd-str-dhcp-acknowledge-dhcpack
unix-dhcpd-str-app-notification-balancingpool
unix-dhcpd-str-app-notification-reuselease
unix-dhcpd-str-app-notification-balancedpool

app-login
unix-unixdhcpd-str-endpoint-notification-parameter

audit-log-clear
unix-dhcpd-mix-dhcp-offer-dhcpoffer

authentication-successful
unix-dhcpd-str-dhcp-traffic-dhcpd
unix-dhcpd-csv-dhcp-traffic-release
unix-dhcpd-str-dhcp-traffic-dhcpnak
unix-dhcpd-str-dhcp-traffic-dhcprelease
unix-dhcpd-csv-dhcp-traffic-expired
unix-dhcpd-str-dhcp-traffic-dhcpinform
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulation account-password-change
unix-dhcpd-str-dhcp-discoverdhcpd
unix-dhcpd-str-dhcp-discover-nofreeleases
unix-dhcpd-csv-dns-record-delete-fail-notdeleted
unix-dhcpd-str-dhcp-acknowledge-dhcpack
unix-dhcpd-str-app-notification-balancingpool
unix-dhcpd-str-app-notification-reuselease
unix-dhcpd-str-app-notification-balancedpool
 T1098 - Account Manipulation
  • 1 Rules
Audit Tampering audit-log-clear
unix-dhcpd-mix-dhcp-offer-dhcpoffer
 T1070.001 - Indicator Removal on Host: Clear Windows Event Logs
T1562.002 - T1562.002
  • 4 Rules
  • 2 Models
Data Access app-login
unix-unixdhcpd-str-endpoint-notification-parameter
 T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
Evasion audit-log-clear
unix-dhcpd-mix-dhcp-offer-dhcpoffer
 T1070.001 - Indicator Removal on Host: Clear Windows Event Logs
  • 1 Rules
Privileged Activity app-login
unix-unixdhcpd-str-endpoint-notification-parameter
 T1078 - Valid Accounts
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

Account Manipulation

 Valid Accounts

 Impair Defenses

Indicator Removal on Host: Clear Windows Event Logs

Valid Accounts

Indicator Removal on Host

 Proxy: Multi-hop Proxy

Proxy