{"description": "ICS techniques mitigated by Application Isolation and Sandboxing, ATT&CK mitigation M0948 (v1.0)", "name": "Application Isolation and Sandboxing (M0948)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0817", "comment": "Built-in browser sandboxes and application isolation may be used to contain web-based malware.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0819", "comment": "Application isolation will limit the other processes and system features an exploited target can access. Examples of built in features are software restriction policies, AppLocker for Windows, and SELinux or AppArmor for Linux.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0820", "comment": "Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. (Citation: Dan Goodin March 2017)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0890", "comment": "Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. (Citation: Dan Goodin March 2017)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0866", "comment": "Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist. (Citation: Dan Goodin March 2017)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0853", "comment": "Consider the use of application isolation and sandboxing to restrict specific operating system interactions such as access through user accounts, services, system calls, registry, and network access. This may be even more useful in cases where the source of the executed script is unknown.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Application Isolation and Sandboxing", "color": "#66b1ff"}]}