Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Exfiltration to Text Storage Sites - T1567.003 (ba04e672-da86-4e69-aa15-0eca5db25f43) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
Restrict Web-Based Content - M1021 (21da4fd4-27ad-4e9c-b93d-0b9b14d02c96) |
Course of Action |
1 |
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) |
Attack Pattern |
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
2 |
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
2 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) |
Attack Pattern |
2 |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) |
Attack Pattern |
2 |
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
2 |
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) |
Attack Pattern |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
2 |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) |
Attack Pattern |
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
2 |
Exfiltration to Text Storage Sites - T1567.003 (ba04e672-da86-4e69-aa15-0eca5db25f43) |
Attack Pattern |
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
2 |
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) |
Attack Pattern |
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) |
Attack Pattern |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
2 |