detection.wiki

ATT&CK Detection Rule Coverage

14038 detection rules mapped to 662 MITRE ATT&CK techniques. Click a technique to see every rule written for it, grouped by vendor for easy comparison. Use the vendor chips to show or hide each rule source.

Reconnaissance 8

Active Scanning (3)
Scanning IP Blocks (11) Vulnerability Scanning (16) Wordlist Scanning (8)
Gather Victim Network Information (3)
Domain Properties (2) DNS (2) IP Addresses (4)
Gather Victim Host Information (3)
Hardware (1) Software (1) Client Configurations (5)
Gather Victim Identity Information (3)
Credentials (2) Email Addresses (3) Employee Names (1)
Phishing for Information (1)
Spearphishing Attachment (2)
Gather Victim Org Information (1)
Identify Roles (2)
Search Open Websites/Domains (1)
Code Repositories (2)
Search Open Technical Databases (1)

Resource Development 7

Compromise Accounts (1)
Cloud Accounts (36)
Develop Capabilities (3)
Malware (13) Code Signing Certificates (1) Digital Certificates (1)
Obtain Capabilities (3)
Malware (2) Tool (13) Digital Certificates (1)
Stage Capabilities (3)
Upload Malware (3) Upload Tool (1) Install Digital Certificate (1)
Compromise Infrastructure (2)
Domains (3) DNS Server (1)
Acquire Infrastructure (2)
Domains (1) Web Services (2)
Establish Accounts (1)
Cloud Accounts (1)

Initial Access 10

Valid Accounts (4)
Default Accounts (15) Domain Accounts (28) Local Accounts (23) Cloud Accounts (290)
Exploit Public-Facing Application (516)
Phishing (3)
Spearphishing Attachment (94) Spearphishing Link (57) Spearphishing via Service (1)
External Remote Services (216)
Supply Chain Compromise (2)
Compromise Software Dependencies and Development Tools (10) Compromise Software Supply Chain (51)
Drive-by Compromise (39)
Trusted Relationship (18)
Hardware Additions (14)
Replication Through Removable Media (9)
Content Injection (4)

Execution 17

Command and Scripting Interpreter (12)
PowerShell (471) AppleScript (27) Windows Command Shell (148) Unix Shell (162) Visual Basic (62) Python (54) JavaScript (70) Cloud API (6) AutoHotKey & AutoIT (1) Lua (9) Hypervisor CLI (9) Container CLI/API (1)
User Execution (5)
Malicious Link (16) Malicious File (145) Malicious Image (10) Malicious Copy and Paste (8) Malicious Library (1)
Hijack Execution Flow (13)
DLL (123) DLL Side-Loading (11) Dylib Hijacking (1) Executable Installer File Permissions Weakness (2) Dynamic Linker Hijacking (24) Path Interception by PATH Environment Variable (9) Path Interception by Search Order Hijacking (6) Path Interception by Unquoted Path (4) Services File Permissions Weakness (7) Services Registry Permissions Weakness (17) COR_PROFILER (2) KernelCallbackTable (2) AppDomainManager (1)
Scheduled Task/Job (5)
At (18) Cron (29) Scheduled Task (118) Systemd Timers (6) Container Orchestration Job (4)
Windows Management Instrumentation (117)
Exploitation for Client Execution (106)
System Services (2)
Launchctl (2) Service Execution (85)
Trusted Developer Utilities Proxy Execution (2)
MSBuild (22) ClickOnce (1)
Native API (35)
BITS Jobs (35)
Software Deployment Tools (31)
Inter-Process Communication (2)
Component Object Model (17) Dynamic Data Exchange (1)
Container Administration Command (27)
Deploy Container (22)
Cloud Administration Command (22)
Shared Modules (17)
Serverless Execution (12)

Discovery 33

Account Discovery (4)
Local Account (47) Domain Account (91) Email Account (1) Cloud Account (26)
System Information Discovery (158)
Permission Groups Discovery (3)
Local Groups (46) Domain Groups (74) Cloud Groups (8)
Network Service Discovery (96)
Remote System Discovery (85)
System Owner/User Discovery (78)
System Network Configuration Discovery (1)
Internet Connection Discovery (8)
File and Directory Discovery (67)
Domain Trust Discovery (57)
Cloud Service Discovery (44)
Container and Resource Discovery (43)
Software Discovery (1)
Security Software Discovery (19)
Cloud Infrastructure Discovery (42)
Network Share Discovery (36)
Query Registry (34)
System Network Connections Discovery (33)
Process Discovery (33)
Password Policy Discovery (30)
System Service Discovery (25)
Network Sniffing (24)
Virtualization/Sandbox Evasion (2)
System Checks (8) Time Based Checks (4)
Group Policy Discovery (10)
Cloud Storage Object Discovery (7)
Peripheral Device Discovery (6)
System Time Discovery (6)
System Location Discovery (1)
System Language Discovery (4)
Browser Information Discovery (4)
Cloud Service Dashboard (4)
Virtual Machine Discovery (4)
Application Window Discovery (2)
Debugger Evasion (2)
Log Enumeration (2)
Device Driver Discovery (1)

Credential Access 17

OS Credential Dumping (8)
LSASS Memory (168) Security Account Manager (58) NTDS (58) LSA Secrets (23) Cached Domain Credentials (16) DCSync (26) Proc Filesystem (5) /etc/passwd and /etc/shadow (13)
Brute Force (4)
Password Guessing (44) Password Cracking (3) Password Spraying (81) Credential Stuffing (31)
Unsecured Credentials (7)
Credentials In Files (76) Credentials in Registry (10) Shell History (3) Private Keys (28) Cloud Instance Metadata API (14) Group Policy Preferences (8) Container API (24)
Modify Authentication Process (7)
Password Filter DLL (5) Pluggable Authentication Modules (5) Network Device Authentication (2) Multi-Factor Authentication (33) Hybrid Identity (6) Network Provider DLL (1) Conditional Access Policies (13)
Credentials from Password Stores (5)
Keychain (8) Credentials from Web Browsers (19) Windows Credential Manager (15) Password Managers (4) Cloud Secrets Management Stores (8)
Steal or Forge Kerberos Tickets (5)
Golden Ticket (14) Silver Ticket (7) Kerberoasting (40) AS-REP Roasting (10) Ccache Files (3)
Steal Application Access Token (73)
Adversary-in-the-Middle (3)
Name Resolution Poisoning and SMB Relay (28) ARP Cache Poisoning (3) DHCP Spoofing (1)
Multi-Factor Authentication Request Generation (31)
Forced Authentication (29)
Steal or Forge Authentication Certificates (27)
Network Sniffing (24)
Steal Web Session Cookie (21)
Input Capture (3)
Keylogging (5) GUI Input Capture (5) Credential API Hooking (4)
Exploitation for Credential Access (20)
Forge Web Credentials (2)
Web Cookies (1) SAML Tokens (2)
Multi-Factor Authentication Interception (4)

Privilege Escalation 13

Valid Accounts (4)
Default Accounts (15) Domain Accounts (28) Local Accounts (23) Cloud Accounts (290)
Account Manipulation (7)
Additional Cloud Credentials (56) Additional Email Delegate Permissions (8) Additional Cloud Roles (107) SSH Authorized Keys (12) Device Registration (22) Additional Container Cluster Roles (12) Additional Local or Domain Groups (9)
Abuse Elevation Control Mechanism (6)
Setuid and Setgid (28) Bypass User Account Control (106) Sudo and Sudo Caching (58) Elevated Execution with Prompt (2) Temporary Elevated Cloud Access (7) TCC Manipulation (3)
Create or Modify System Process (5)
Launch Agent (11) Systemd Service (14) Windows Service (117) Launch Daemon (9) Container Service (2)
Event Triggered Execution (17)
Change Default File Association (7) Screensaver (8) Windows Management Instrumentation Event Subscription (23) Unix Shell Configuration Modification (14) Trap (1) Netsh Helper DLL (7) Accessibility Features (22) AppCert DLLs (5) AppInit DLLs (3) Application Shimming (11) Image File Execution Options Injection (10) PowerShell Profile (4) Emond (3) Component Object Model Hijacking (22) Installer Packages (9) Udev Rules (3) Python Startup Hooks (2)
Boot or Logon Autostart Execution (14)
Registry Run Keys / Startup Folder (87) Authentication Package (8) Time Providers (3) Winlogon Helper DLL (8) Security Support Provider (7) Kernel Modules and Extensions (28) LSASS Driver (4) Shortcut Modification (13) Port Monitors (11) Plist Modification (3) Print Processors (8) XDG Autostart Entries (5) Active Setup (4) Login Items (2)
Scheduled Task/Job (5)
At (18) Cron (29) Scheduled Task (118) Systemd Timers (6) Container Orchestration Job (4)
Process Injection (9)
Dynamic-link Library Injection (21) Portable Executable Injection (8) Thread Execution Hijacking (4) Asynchronous Procedure Call (2) Ptrace System Calls (4) Proc Memory (2) Extra Window Memory Injection (1) Process Hollowing (10) Process Doppelgänging (1)
Exploitation for Privilege Escalation (145)
Domain or Tenant Policy Modification (2)
Group Policy Modification (24) Trust Modification (15)
Access Token Manipulation (5)
Token Impersonation/Theft (23) Create Process with Token (18) Make and Impersonate Token (7) Parent PID Spoofing (6) SID-History Injection (6)
Escape to Host (51)
Boot or Logon Initialization Scripts (4)
Logon Script (Windows) (8) Login Hook (3) RC Scripts (11) Startup Items (2)

Lateral Movement 9

Remote Services (8)
Remote Desktop Protocol (80) SMB/Windows Admin Shares (108) Distributed Component Object Model (42) SSH (41) VNC (4) Windows Remote Management (37) Cloud Services (19) Direct Cloud VM Connections (4)
Use Alternate Authentication Material (4)
Application Access Token (55) Pass the Hash (16) Pass the Ticket (13) Web Session Cookie (8)
Exploitation of Remote Services (69)
Lateral Tool Transfer (46)
Software Deployment Tools (31)
Remote Service Session Hijacking (2)
SSH Hijacking (8) RDP Hijacking (8)
Replication Through Removable Media (9)
Taint Shared Content (4)
Internal Spearphishing (4)

Persistence 21

Valid Accounts (4)
Default Accounts (15) Domain Accounts (28) Local Accounts (23) Cloud Accounts (290)
Account Manipulation (7)
Additional Cloud Credentials (56) Additional Email Delegate Permissions (8) Additional Cloud Roles (107) SSH Authorized Keys (12) Device Registration (22) Additional Container Cluster Roles (12) Additional Local or Domain Groups (9)
Modify Registry (254)
Create or Modify System Process (5)
Launch Agent (11) Systemd Service (14) Windows Service (117) Launch Daemon (9) Container Service (2)
External Remote Services (216)
Event Triggered Execution (17)
Change Default File Association (7) Screensaver (8) Windows Management Instrumentation Event Subscription (23) Unix Shell Configuration Modification (14) Trap (1) Netsh Helper DLL (7) Accessibility Features (22) AppCert DLLs (5) AppInit DLLs (3) Application Shimming (11) Image File Execution Options Injection (10) PowerShell Profile (4) Emond (3) Component Object Model Hijacking (22) Installer Packages (9) Udev Rules (3) Python Startup Hooks (2)
Boot or Logon Autostart Execution (14)
Registry Run Keys / Startup Folder (87) Authentication Package (8) Time Providers (3) Winlogon Helper DLL (8) Security Support Provider (7) Kernel Modules and Extensions (28) LSASS Driver (4) Shortcut Modification (13) Port Monitors (11) Plist Modification (3) Print Processors (8) XDG Autostart Entries (5) Active Setup (4) Login Items (2)
Scheduled Task/Job (5)
At (18) Cron (29) Scheduled Task (118) Systemd Timers (6) Container Orchestration Job (4)
Create Account (3)
Local Account (49) Domain Account (18) Cloud Account (56)
Modify Authentication Process (7)
Password Filter DLL (5) Pluggable Authentication Modules (5) Network Device Authentication (2) Multi-Factor Authentication (33) Hybrid Identity (6) Network Provider DLL (1) Conditional Access Policies (13)
Server Software Component (6)
SQL Stored Procedures (18) Transport Agent (6) Web Shell (77) IIS Components (22) Terminal Services DLL (1) vSphere Installation Bundles (1)
Boot or Logon Initialization Scripts (4)
Logon Script (Windows) (8) Login Hook (3) RC Scripts (11) Startup Items (2)
BITS Jobs (35)
Compromise Host Software Binary (32)
Office Application Startup (6)
Office Template Macros (1) Office Test (3) Outlook Forms (1) Outlook Home Page (1) Outlook Rules (3) Add-ins (6)
Pre-OS Boot (3)
System Firmware (4) Bootkit (4) TFTP Boot (1)
Software Extensions (1)
Browser Extensions (5)
Implant Internal Image (5)
Redundant Access (3)
Traffic Signaling (1)
Port Knocking (1)
Power Settings (1)

Stealth 29

Valid Accounts (4)
Default Accounts (15) Domain Accounts (28) Local Accounts (23) Cloud Accounts (290)
System Binary Proxy Execution (13)
Compiled HTML File (22) Control Panel (10) CMSTP (24) InstallUtil (16) Mshta (55) Msiexec (51) Odbcconf (17) Regsvcs/Regasm (17) Regsvr32 (50) Rundll32 (124) Verclsid (1) Mavinject (3) MMC (22)
Impair Defenses (8)
Disable or Modify Tools (158) Disable Windows Event Logging (12) Impair Command History Logging (1) Disable or Modify System Firewall (25) Indicator Blocking (8) Disable or Modify Cloud Firewall (53) Disable or Modify Cloud Logs (67) Downgrade Attack (5)
Masquerading (9)
Invalid Code Signature (18) Right-to-Left Override (6) Rename Legitimate Utilities (55) Masquerade Task or Service (17) Match Legitimate Resource Name or Location (62) Space after Filename (3) Double File Extension (6) Masquerade File Type (8) Break Process Trees (6)
Hijack Execution Flow (13)
DLL (123) DLL Side-Loading (11) Dylib Hijacking (1) Executable Installer File Permissions Weakness (2) Dynamic Linker Hijacking (24) Path Interception by PATH Environment Variable (9) Path Interception by Search Order Hijacking (6) Path Interception by Unquoted Path (4) Services File Permissions Weakness (7) Services Registry Permissions Weakness (17) COR_PROFILER (2) KernelCallbackTable (2) AppDomainManager (1)
Obfuscated Files or Information (11)
Binary Padding (6) Software Packing (1) Steganography (5) Compile After Delivery (14) Indicator Removal from Tools (6) HTML Smuggling (1) Embedded Payloads (2) Command Obfuscation (39) Fileless Storage (3) Encrypted/Encoded File (6) Compression (3)
Indicator Removal (8)
Clear Windows Event Logs (14) Clear Linux or Mac System Logs (4) Clear Command History (15) File Deletion (46) Network Share Connection Removal (6) Timestomp (15) Clear Mailbox Data (9) Clear Persistence (2)
Process Injection (9)
Dynamic-link Library Injection (21) Portable Executable Injection (8) Thread Execution Hijacking (4) Asynchronous Procedure Call (2) Ptrace System Calls (4) Proc Memory (2) Extra Window Memory Injection (1) Process Hollowing (10) Process Doppelgänging (1)
Hide Artifacts (6)
Hidden Files and Directories (28) Hidden Users (10) Hidden Window (13) NTFS File Attributes (34) Run Virtual Instance (9) Email Hiding Rules (9)
Deobfuscate/Decode Files or Information (79)
Access Token Manipulation (5)
Token Impersonation/Theft (23) Create Process with Token (18) Make and Impersonate Token (7) Parent PID Spoofing (6) SID-History Injection (6)
Indirect Command Execution (69)
Trusted Developer Utilities Proxy Execution (2)
MSBuild (22) ClickOnce (1)
BITS Jobs (35)
Rootkit (30)
Virtualization/Sandbox Evasion (2)
System Checks (8) Time Based Checks (4)
System Script Proxy Execution (1)
PubPrn (2)
Pre-OS Boot (3)
System Firmware (4) Bootkit (4) TFTP Boot (1)
Exploitation for Stealth (15)
XSL Script Processing (15)
Reflective Code Loading (12)
Unused/Unsupported Cloud Regions (10)
Direct Volume Access (8)
Redundant Access (3)
Template Injection (2)
Execution Guardrails (2)
Debugger Evasion (2)
Traffic Signaling (1)
Port Knocking (1)
Impersonation (1)

Defense Impairment 17

Disable or Modify Tools (5)
Disable or Modify Windows Event Log (41) Disable or Modify Cloud Log (22) Disable or Modify Linux Audit System Log (4) Clear Windows Event Logs (12) Clear Linux or Mac System Logs (4)
Modify Registry (254)
Modify Authentication Process (7)
Password Filter DLL (5) Pluggable Authentication Modules (5) Network Device Authentication (2) Multi-Factor Authentication (33) Hybrid Identity (6) Network Provider DLL (1) Conditional Access Policies (13)
Domain or Tenant Policy Modification (2)
Group Policy Modification (24) Trust Modification (15)
File and Directory Permissions Modification (2)
Windows Permissions (41) Linux and Mac Permissions (18)
Subvert Trust Controls (6)
Gatekeeper Bypass (8) Code Signing (6) SIP and Trust Provider Hijacking (7) Install Root Certificate (17) Mark-of-the-Web Bypass (13) Code Signing Policy Modification (2)
Disable or Modify System Firewall (2)
Cloud Firewall (12) Windows Host Firewall (20)
Modify Cloud Compute Infrastructure (5)
Create Snapshot (1) Create Cloud Instance (5) Delete Cloud Instance (2) Revert Cloud Instance (1) Modify Cloud Compute Configurations (15)
Rogue Domain Controller (13)
Network Boundary Bridging (1)
Network Address Translation Traversal (1)
Plist File Modification (6)
Weaken Encryption (1)
Reduce Key Space (2)
Prevent Command History Logging (3)
Modify System Image (1)
Patch System Image (2)
Downgrade Attack (2)
Modify Cloud Resource Hierarchy (1)
Safe Mode Boot (1)

Collection 16

Data from Cloud Storage (80)
Data from Local System (70)
Email Collection (3)
Local Email Collection (14) Remote Email Collection (19) Email Forwarding Rule (16)
Adversary-in-the-Middle (3)
Name Resolution Poisoning and SMB Relay (28) ARP Cache Poisoning (3) DHCP Spoofing (1)
Data from Information Repositories (3)
Sharepoint (4) Code Repositories (14) Databases (3)
Archive Collected Data (2)
Archive via Utility (35) Archive via Library (3)
Automated Collection (35)
Data Staged (2)
Local Data Staging (19) Remote Data Staging (4)
Screen Capture (24)
Input Capture (3)
Keylogging (5) GUI Input Capture (5) Credential API Hooking (4)
Clipboard Data (20)
Browser Session Hijacking (17)
Data from Network Shared Drive (14)
Audio Capture (11)
Video Capture (8)
Data from Removable Media (5)

Command & Control 15

Application Layer Protocol (4)
Web Protocols (107) File Transfer Protocols (8) Mail Protocols (4) DNS (44)
Ingress Tool Transfer (265)
Remote Access Tools (1)
Remote Desktop Software (50)
Proxy (4)
Internal Proxy (10) External Proxy (7) Multi-hop Proxy (13) Domain Fronting (1)
Protocol Tunneling (82)
Web Service (3)
Dead Drop Resolver (8) Bidirectional Communication (19) One-Way Communication (4)
Non-Application Layer Protocol (42)
Dynamic Resolution (2)
Fast Flux DNS (1) Domain Generation Algorithms (14)
Non-Standard Port (27)
Encrypted Channel (1)
Asymmetric Cryptography (9)
Fallback Channels (16)
Data Encoding (1)
Standard Encoding (6)
Data Obfuscation (1)
Protocol or Service Impersonation (3)
Content Injection (4)
Traffic Signaling (1)
Port Knocking (1)

Exfiltration 9

Exfiltration Over Web Service (4)
Exfiltration to Code Repository (11) Exfiltration to Cloud Storage (43) Exfiltration to Text Storage Sites (3) Exfiltration Over Webhook (1)
Exfiltration Over Alternative Protocol (3)
Exfiltration Over Symmetric Encrypted Non-C2 Protocol (2) Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (4) Exfiltration Over Unencrypted Non-C2 Protocol (31)
Exfiltration Over C2 Channel (77)
Transfer Data to Cloud Account (55)
Automated Exfiltration (1)
Traffic Duplication (1)
Data Transfer Size Limits (26)
Exfiltration Over Physical Medium (1)
Exfiltration over USB (4)
Exfiltration Over Other Network Medium (1)
Exfiltration Over Bluetooth (1)
Scheduled Transfer (2)

Impact 14

Data Destruction (1)
Lifecycle-Triggered Deletion (4)
Inhibit System Recovery (96)
Service Stop (78)
Data Encrypted for Impact (75)
Data Manipulation (2)
Stored Data Manipulation (26) Transmitted Data Manipulation (3)
Account Access Removal (62)
Resource Hijacking (2)
Compute Hijacking (2) Cloud Service Hijacking (5)
Network Denial of Service (1)
Reflection Amplification (1)
Endpoint Denial of Service (4)
OS Exhaustion Flood (1) Service Exhaustion Flood (2) Application Exhaustion Flood (2) Application or System Exploitation (4)
System Shutdown/Reboot (35)
Defacement (2)
Internal Defacement (4) External Defacement (1)
Disk Wipe (2)
Disk Content Wipe (2) Disk Structure Wipe (3)
Firmware Corruption (1)
Financial Theft (1)

MITRE ATT&CK Mobile

Network Effects 0

No techniques tracked.

Remote Service Effects 0

No techniques tracked.

Initial Access 3

Supply Chain Compromise (2)
Drive-By Compromise (1)
Phishing (1)

Execution 1

Command and Scripting Interpreter (1)

Persistence 3

Foreground Persistence (1)
Event Triggered Execution (1)
Hijack Execution Flow (1)

Privilege Escalation 3

Abuse Elevation Control Mechanism (2)
Exploitation for Privilege Escalation (1)
Process Injection (1)

Defense Evasion 11

Impair Defenses (7)
Indicator Removal on Host (2)
Obfuscated Files or Information (1)
Input Injection (1)
Foreground Persistence (1)
Hooking (1)
Execution Guardrails (1)
Hide Artifacts (1)
Process Injection (1)
Virtualization/Sandbox Evasion (1)
Masquerading (1)

Credential Access 5

Input Capture (2)
Steal Application Access Token (2)
Clipboard Data (1)
Access Notifications (1)
Credentials from Password Store (1)

Discovery 5

Software Discovery (3)
Process Discovery (2)
System Network Configuration Discovery (1)
Network Service Scanning (1)
Location Tracking (1)

Lateral Movement 1

Exploitation of Remote Services (1)

Collection 12

Input Capture (2)
Protected User Data (1)
Contact List (1)
Stored Application Data (1)
Clipboard Data (1)
Audio Capture (1)
Location Tracking (1)
Video Capture (1)
Screen Capture (1)
Access Notifications (1)
Archive Collected Data (1)
Call Control (1)
Adversary-in-the-Middle (1)

Command and Control 4

Web Service (1)
Non-Standard Port (1)
Ingress Tool Transfer (1)
Call Control (1)

Exfiltration 1

Exfiltration Over Alternative Protocol (1)

Impact 8

Data Manipulation (2)
Data Encrypted for Impact (1)
Input Injection (1)
SMS Control (1)
Call Control (1)
Account Access Removal (1)
Endpoint Denial of Service (1)
Generate Traffic from Victim (1)

MITRE ATT&CK ICS

Initial Access 8

Spearphishing Attachment (5)
Exploitation of Remote Services (5)
Remote Services (4)
Exploit Public-Facing Application (3)
External Remote Services (1)
Rogue Master (1)
Supply Chain Compromise (1)
Internet Accessible Device (1)

Execution 5

Scripting (7)
Execution through API (5)
Change Operating Mode (4)
User Execution (4)
Native API (1)

Persistence 5

Valid Accounts (7)
Project File Infection (3)
System Firmware (2)
Module Firmware (1)
Modify Program (1)

Privilege Escalation 1

Exploitation for Privilege Escalation (4)

Evasion 2

Change Operating Mode (4)
Rootkit (1)

Discovery 4

Network Sniffing (4)
Network Connection Enumeration (1)
Remote System Discovery (1)
Remote System Information Discovery (1)

Lateral Movement 4

Valid Accounts (7)
Exploitation of Remote Services (5)
Remote Services (4)
Program Download (2)

Collection 1

Program Upload (1)

Command and Control 2

Connection Proxy (1)
Commonly Used Port (1)

Inhibit Response Function 5

System Firmware (2)
Denial of Service (1)
Device Restart/Shutdown (1)
Rootkit (1)
Service Stop (1)

Impair Process Control 4

Unauthorized Command Message (3)
Brute Force I/O (1)
Modify Parameter (1)
Module Firmware (1)

Impact 8

Loss of Availability (4)
Denial of Control (3)
Loss of Control (2)
Loss of Productivity and Revenue (2)
Theft of Operational Information (2)
Manipulation of Control (1)
Loss of Protection (1)
Damage to Property (1)