Esc
Accessibility Features - T1546.008
(ATT&CK® Technique)
Definition
No definition available.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1546008["Accessibility Features"] --> |may-create| IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; class T1546008 OffensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; click T1546008 href "/offensive-technique/attack/T1546.008/"; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; T1546008["Accessibility Features"] --> |may-modify| SystemConfigurationDatabaseRecord["System Configuration Database Record"]; class T1546008 OffensiveTechniqueNode; class SystemConfigurationDatabaseRecord ArtifactNode; click SystemConfigurationDatabaseRecord href "/dao/artifact/d3f:SystemConfigurationDatabaseRecord"; click T1546008 href "/offensive-technique/attack/T1546.008/"; click SystemConfigurationDatabaseRecord href "/dao/artifact/d3f:SystemConfigurationDatabaseRecord"; T1546008["Accessibility Features"] --> |may-modify| ExecutableBinary["Executable Binary"]; class T1546008 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary"; click T1546008 href "/offensive-technique/attack/T1546.008/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary"; DecoyFile["Decoy File"] --> | spoofs | ExecutableBinary["Executable Binary"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1546008["Accessibility Features"] ; class DecoyFile DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; ConnectionAttemptAnalysis["Connection Attempt Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ConnectionAttemptAnalysis["Connection Attempt Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class ConnectionAttemptAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ConnectionAttemptAnalysis href "/technique/d3f:ConnectionAttemptAnalysis"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.-> | May Detect | T1546008["Accessibility Features"] ; class NetworkTrafficCommunityDeviation DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; Client-serverPayloadProfiling["Client-server Payload Profiling"] -.-> | May Detect | T1546008["Accessibility Features"] ; class Client-serverPayloadProfiling DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class AdministrativeNetworkActivityAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click AdministrativeNetworkActivityAnalysis href "/technique/d3f:AdministrativeNetworkActivityAnalysis"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.-> | May Detect | T1546008["Accessibility Features"] ; class RemoteTerminalSessionDetection DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.-> | May Detect | T1546008["Accessibility Features"] ; class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableBinary["Executable Binary"]; EmulatedFileAnalysis["Emulated File Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableBinary["Executable Binary"]; DynamicAnalysis["Dynamic Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | ExecutableBinary["Executable Binary"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | May Detect | T1546008["Accessibility Features"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; FileRemoval["File Removal"] --> | deletes | ExecutableBinary["Executable Binary"]; FileRemoval["File Removal"] -.-> | May Evict | T1546008["Accessibility Features"] ; class FileRemoval DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click FileRemoval href "/technique/d3f:FileRemoval"; LocalFilePermissions["Local File Permissions"] --> | restricts | ExecutableBinary["Executable Binary"]; LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1546008["Accessibility Features"] ; class LocalFilePermissions DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; FileEncryption["File Encryption"] --> | encrypts | ExecutableBinary["Executable Binary"]; FileEncryption["File Encryption"] -.-> | May Harden | T1546008["Accessibility Features"] ; class FileEncryption DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableBinary["Executable Binary"]; ExecutableDenylisting["Executable Denylisting"] -.-> | May Isolate | T1546008["Accessibility Features"] ; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableBinary["Executable Binary"]; ExecutableAllowlisting["Executable Allowlisting"] -.-> | May Isolate | T1546008["Accessibility Features"] ; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficFiltering["Network Traffic Filtering"] -.-> | May Isolate | T1546008["Accessibility Features"] ; class NetworkTrafficFiltering DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; RestoreFile["Restore File"] --> | restores | ExecutableBinary["Executable Binary"]; RestoreFile["Restore File"] -.-> | May Restore | T1546008["Accessibility Features"] ; class RestoreFile DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; RestoreConfiguration["Restore Configuration"] --> | restores | SystemConfigurationDatabaseRecord["System Configuration Database Record"]; RestoreConfiguration["Restore Configuration"] -.-> | May Restore | T1546008["Accessibility Features"] ; class RestoreConfiguration DefensiveTechniqueNode; class SystemConfigurationDatabaseRecord ArtifactNode; click RestoreConfiguration href "/technique/d3f:RestoreConfiguration"; FileAnalysis["File Analysis"] --> | analyzes | ExecutableBinary["Executable Binary"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1546008["Accessibility Features"] ; class FileAnalysis DefensiveTechniqueNode; class ExecutableBinary ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis";