Home/ MITRE Matrix/ Initial Access/ T1200

T1200Hardware Additions

T1200 — Hardware Additions is a MITRE ATT&CK technique in the Initial Access tactic. Clankerusecase tracks 11 detection use cases covering it and 1 threat-intel article citing it.

Initial Access

View on the matrix → Filter Detection Library MITRE official spec ↗

11Use cases

1Articles

0Sub-techniques

1Tactic

Use cases covering this technique (11)

Linux Auditd Hardware Addition Swapoff ESCU actions · hunting P Linux Hardware Addition SwapOff ESCU actions · hunting P Windows Process Executed From Removable Media ESCU actions · hunting P Windows USBSTOR Registry Key Modification ESCU actions · hunting P Windows WPDBusEnum Registry Key Modification ESCU actions · hunting P Detect ARP Poisoning ESCU actions · alerting P Detect IPv6 Network Infrastructure Threats ESCU actions · alerting P Detect Port Security Violation ESCU actions · alerting P Detect Rogue DHCP Server ESCU actions · alerting P Detect Traffic Mirroring ESCU actions · alerting P [LLM] USB mass-storage attached followed by bulk file copy (UNC3753 physical intrusion) Bespoke actions · hunting DSPDDCS

Articles citing this technique (1)

crit UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign art-108