| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) |
Attack Pattern |
1 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
1 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
1 |
| Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
1 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
1 |
| Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
1 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Operating System Configuration - M1028 (2f316f6c-ae42-44fe-adf8-150989e0f6d3) |
Course of Action |
1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
2 |
| RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
2 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
2 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
2 |
| Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
2 |
| Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd) |
Attack Pattern |
Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87) |
Attack Pattern |
2 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) |
Attack Pattern |
2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
2 |