Skip to content

Hide Navigation Hide TOC

User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1)

Describes any guidance or training given to users to set particular configuration settings or avoid specific potentially risky behaviors.

Cluster A Galaxy A Cluster B Galaxy B Level
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242) Attack Pattern 1
Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c) Attack Pattern 1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Steal Application Access Token - T1635 (233fe2c0-cb41-4765-b454-e0087597fbce) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Remote Device Management Services - T1430.001 (9ef05e3d-52db-4c12-be4f-519214bbe91f) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e) Attack Pattern 1
SSL Pinning - T1521.003 (dfafc230-5465-4993-8dc5-f51fa9fec002) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Replication Through Removable Media - T1458 (667e5707-3843-4da8-bd34-88b922526f0d) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Account Access Removal - T1640 (e2c2249a-eb82-4614-8dd4-9c514dde65e2) Attack Pattern 1
Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 1
URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
Endpoint Denial of Service - T1642 (eb6cf439-1bcb-4d10-bc68-1eed844ed7b3) Attack Pattern User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) Course of Action Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 1
Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3) Attack Pattern Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 2
Remote Device Management Services - T1430.001 (9ef05e3d-52db-4c12-be4f-519214bbe91f) Attack Pattern Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 2
SSL Pinning - T1521.003 (dfafc230-5465-4993-8dc5-f51fa9fec002) Attack Pattern Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern 2
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) Attack Pattern Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 2
URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5) Attack Pattern Steal Application Access Token - T1635 (233fe2c0-cb41-4765-b454-e0087597fbce) Attack Pattern 2
Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) Attack Pattern Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) Attack Pattern 2
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2