uc_cryptomining.md

Use Case: Cryptomining

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Cloud Akamai T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudTrail T1074 - Data Staged
T1496 - Resource Hijacking
  • 1 Rules
  • 1 Models
AWS CloudWatch T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
AWS Elastic Load Balancer T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
AWS WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1496 - Resource Hijacking
  • 1 Rules
BeyondTrust T1496 - Resource Hijacking
  • 1 Rules

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point NGFW T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
Cisco ACS T1496 - Resource Hijacking
  • 1 Rules
Cisco ADC T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Cisco Adaptive Security Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules
Cisco Cloud Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Cisco Firepower T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules
Cisco IOS T1496 - Resource Hijacking
  • 1 Rules
Cisco Meraki MX appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Cisco Secure Web Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Cisco Umbrella T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
IronPort Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1496 - Resource Hijacking
  • 1 Rules

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Infrastructure Services T1496 - Resource Hijacking
  • 1 Rules

Vendor: Dell

Product MITRE ATT&CK® TTP Content
Sonicwall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1496 - Resource Hijacking
  • 1 Rules

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Advanced Web Application Firewall T1496 - Resource Hijacking
  • 1 Rules
F5 Application Security Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
F5 WebSafe T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
FireEye Network Security (NX) T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Websense Security Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Fortinet Enterprise Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Fortinet UTM T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Fortiweb Web Application Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1496 - Resource Hijacking
  • 1 Rules

Vendor: Google

Product MITRE ATT&CK® TTP Content
GCP CloudAudit T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Google Cloud Platform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1074 - Data Staged
T1496 - Resource Hijacking
  • 2 Rules
  • 1 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
HPE Comware T1496 - Resource Hijacking
  • 1 Rules

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
Terraform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1496 - Resource Hijacking
  • 1 Rules

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1496 - Resource Hijacking
  • 1 Rules

Vendor: IBM

Product MITRE ATT&CK® TTP Content
Security Access Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva Incapsula T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Junos OS T1496 - Resource Hijacking
  • 1 Rules

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1496 - Resource Hijacking
  • 1 Rules

Vendor: Malwarebytes

Product MITRE ATT&CK® TTP Content
Malwarebytes Endpoint Detection and Response T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee Web Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure Monitor T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules
  • 1 Models
Azure Monitor - VM Insights T1496 - Resource Hijacking
  • 1 Rules
Event Viewer - PowerShell T1496 - Resource Hijacking
  • 1 Rules
Event Viewer - Security T1496 - Resource Hijacking
  • 1 Rules
Microsoft 365 T1496 - Resource Hijacking
  • 1 Rules
Microsoft Defender for Endpoint T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules
Microsoft IIS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Microsoft Sentinel T1496 - Resource Hijacking
  • 1 Rules
Microsoft WMI Log T1496 - Resource Hijacking
  • 1 Rules
Microsoft Web Application Proxy T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Sysmon T1496 - Resource Hijacking
  • 1 Rules
Web Application Proxy-TLS Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Targeted Threat Protection - URL T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Netskope Webtx T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Solaris T1496 - Resource Hijacking
  • 1 Rules

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Palo Alto NGFW T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Prisma Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Prisma Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1496 - Resource Hijacking
  • 1 Rules

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules

Vendor: Skyhigh Security

Product MITRE ATT&CK® TTP Content
Skyhigh Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Sophos UTM T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Sophos XG Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1496 - Resource Hijacking
  • 1 Rules
Symantec Fireglass T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Symantec Web Security Service T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Core Platform T1496 - Resource Hijacking
  • 1 Rules
Tanium Integrity Monitor T1496 - Resource Hijacking
  • 1 Rules

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Deep Security T1496 - Resource Hijacking
  • 1 Rules
OfficeScan T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1496 - Resource Hijacking
  • 1 Rules
Unix T1496 - Resource Hijacking
  • 1 Rules
Unix Auditd T1496 - Resource Hijacking
  • 1 Rules

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1496 - Resource Hijacking
  • 1 Rules
Carbon Black CES T1496 - Resource Hijacking
  • 1 Rules
Carbon Black EDR T1496 - Resource Hijacking
  • 1 Rules

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Stream T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Zscaler Private Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules

Vendor:

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules