Skip to content

Hide Navigation Hide TOC

Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0)

Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.

Cluster A Galaxy A Cluster B Galaxy B Level
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 1
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) Attack Pattern 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) Attack Pattern 1
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action 1
Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) Course of Action Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 2
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern 2
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 2
Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) Attack Pattern Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) Attack Pattern 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) Attack Pattern 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern 2