User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a)

User Training involves educating employees and contractors on recognizing, reporting, and preventing cyber threats that rely on human interaction, such as phishing, social engineering, and other manipulative techniques. Comprehensive training programs create a human firewall by empowering users to be an active component of the organization's cybersecurity defenses. This mitigation can be implemented through the following measures:

Create Comprehensive Training Programs:

  • Design training modules tailored to the organization's risk profile, covering topics such as phishing, password management, and incident reporting.
  • Provide role-specific training for high-risk employees, such as helpdesk staff or executives.

Use Simulated Exercises:

  • Conduct phishing simulations to measure user susceptibility and provide targeted follow-up training.
  • Run social engineering drills to evaluate employee responses and reinforce protocols.

Leverage Gamification and Engagement:

  • Introduce interactive learning methods such as quizzes, gamified challenges, and rewards for successful detection and reporting of threats.

Incorporate Security Policies into Onboarding:

  • Include cybersecurity training as part of the onboarding process for new employees.
  • Provide easy-to-understand materials outlining acceptable use policies and reporting procedures.

Regular Refresher Courses:

  • Update training materials to include emerging threats and techniques used by adversaries.
  • Ensure all employees complete periodic refresher courses to stay informed.

Emphasize Real-World Scenarios:

  • Use case studies of recent attacks to demonstrate the consequences of successful phishing or social engineering.
  • Discuss how specific employee actions can prevent or mitigate such attacks.

Cluster A Galaxy A Cluster B Galaxy B Level
Email Bombing - T1667 (bed81616-3dde-4685-be6e-ba9820f9a7ed) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 1
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 1
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 1
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 1
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 1
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 2
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern 2
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 2
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern 2
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 2