Skip to content

Hide Navigation Hide TOC

User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a)

User Training involves educating employees and contractors on recognizing, reporting, and preventing cyber threats that rely on human interaction, such as phishing, social engineering, and other manipulative techniques. Comprehensive training programs create a human firewall by empowering users to be an active component of the organization's cybersecurity defenses. This mitigation can be implemented through the following measures:

Create Comprehensive Training Programs:

  • Design training modules tailored to the organization's risk profile, covering topics such as phishing, password management, and incident reporting.
  • Provide role-specific training for high-risk employees, such as helpdesk staff or executives.

Use Simulated Exercises:

  • Conduct phishing simulations to measure user susceptibility and provide targeted follow-up training.
  • Run social engineering drills to evaluate employee responses and reinforce protocols.

Leverage Gamification and Engagement:

  • Introduce interactive learning methods such as quizzes, gamified challenges, and rewards for successful detection and reporting of threats.

Incorporate Security Policies into Onboarding:

  • Include cybersecurity training as part of the onboarding process for new employees.
  • Provide easy-to-understand materials outlining acceptable use policies and reporting procedures.

Regular Refresher Courses:

  • Update training materials to include emerging threats and techniques used by adversaries.
  • Ensure all employees complete periodic refresher courses to stay informed.

Emphasize Real-World Scenarios:

  • Use case studies of recent attacks to demonstrate the consequences of successful phishing or social engineering.
  • Discuss how specific employee actions can prevent or mitigate such attacks.
Cluster A Galaxy A Cluster B Galaxy B Level
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 1
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern 1
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Email Bombing - T1667 (bed81616-3dde-4685-be6e-ba9820f9a7ed) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 1
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 1
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern 1
Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) Attack Pattern 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action 1
User Training - M1017 (2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a) Course of Action Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern 2
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101) Attack Pattern Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Library - T1204.005 (73b24a10-6bf4-4af1-a81e-67b8bcb6c4e6) Attack Pattern 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern 2