Skip to content

Hide Navigation Hide TOC

User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a)

User Training involves educating employees and contractors on recognizing, reporting, and preventing cyber threats that rely on human interaction, such as phishing, social engineering, and other manipulative techniques. Comprehensive training programs create a human firewall by empowering users to be an active component of the organization's cybersecurity defenses. This mitigation can be implemented through the following measures:

Create Comprehensive Training Programs:

  • Design training modules tailored to the organization's risk profile, covering topics such as phishing, password management, and incident reporting.
  • Provide role-specific training for high-risk employees, such as helpdesk staff or executives.

Use Simulated Exercises:

  • Conduct phishing simulations to measure user susceptibility and provide targeted follow-up training.
  • Run social engineering drills to evaluate employee responses and reinforce protocols.

Leverage Gamification and Engagement:

  • Introduce interactive learning methods such as quizzes, gamified challenges, and rewards for successful detection and reporting of threats.

Incorporate Security Policies into Onboarding:

  • Include cybersecurity training as part of the onboarding process for new employees.
  • Provide easy-to-understand materials outlining acceptable use policies and reporting procedures.

Regular Refresher Courses:

  • Update training materials to include emerging threats and techniques used by adversaries.
  • Ensure all employees complete periodic refresher courses to stay informed.

Emphasize Real-World Scenarios:

  • Use case studies of recent attacks to demonstrate the consequences of successful phishing or social engineering.
  • Discuss how specific employee actions can prevent or mitigate such attacks.
Cluster A Galaxy A Cluster B Galaxy B Level
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 1
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 1
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 1
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 1
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 1
Email Bombing - T1667 (bed81616-3dde-4685-be6e-ba9820f9a7ed) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 2
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern 2
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2