Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) |
Attack Pattern |
1 |
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) |
Attack Pattern |
1 |
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) |
Attack Pattern |
1 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) |
Attack Pattern |
1 |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
1 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) |
Attack Pattern |
1 |
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) |
Attack Pattern |
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) |
Course of Action |
1 |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
2 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) |
Attack Pattern |
2 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) |
Attack Pattern |
2 |
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
2 |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) |
Attack Pattern |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) |
Attack Pattern |
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) |
Attack Pattern |
2 |
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) |
Attack Pattern |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
2 |
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) |
Attack Pattern |
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) |
Attack Pattern |
2 |
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) |
Attack Pattern |
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) |
Attack Pattern |
2 |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) |
Attack Pattern |
2 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
2 |
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) |
Attack Pattern |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
2 |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
2 |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) |
Attack Pattern |
2 |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) |
Attack Pattern |
2 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
2 |
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
2 |
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
2 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
2 |
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) |
Attack Pattern |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
2 |
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) |
Attack Pattern |
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) |
Attack Pattern |
2 |
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) |
Attack Pattern |
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) |
Attack Pattern |
2 |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) |
Attack Pattern |
2 |
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) |
Attack Pattern |
2 |
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) |
Attack Pattern |
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) |
Attack Pattern |
2 |
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) |
Attack Pattern |
2 |