Skip to content

Hide Navigation Hide TOC

Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96)

Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.

Cluster A Galaxy A Cluster B Galaxy B Level
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Exfiltration to Text Storage Sites - T1567.003 (ba04e672-da86-4e69-aa15-0eca5db25f43) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) Course of Action 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 2
Exfiltration to Text Storage Sites - T1567.003 (ba04e672-da86-4e69-aa15-0eca5db25f43) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 2