Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) | Attack Pattern | 1 |
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) | Attack Pattern | 1 |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) | Attack Pattern | 1 |
Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Network Device CLI - T1059.008 (818302b2-d640-477b-bf88-873120ce85c4) | Attack Pattern | 1 |
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60) | Attack Pattern | 1 |
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3) | Attack Pattern | 1 |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) | Attack Pattern | Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) | Attack Pattern | 1 |
Execution Prevention - M1038 (47e0e9fe-96ce-4f65-8bb1-8be1feacb5db) | Course of Action | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 1 |
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0) | Attack Pattern | Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | 2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) | Attack Pattern | 2 |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) | Attack Pattern | 2 |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) | Attack Pattern | 2 |
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | 2 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) | Attack Pattern | 2 |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) | Attack Pattern | 2 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff) | Attack Pattern | 2 |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) | Attack Pattern | 2 |
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) | Attack Pattern | 2 |
Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) | Attack Pattern | 2 |
Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) | Attack Pattern | 2 |
Network Device CLI - T1059.008 (818302b2-d640-477b-bf88-873120ce85c4) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) | Attack Pattern | 2 |
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) | Attack Pattern | 2 |
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60) | Attack Pattern | 2 |
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) | Attack Pattern | Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | 2 |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107) | Attack Pattern | 2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3) | Attack Pattern | 2 |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) | Attack Pattern | 2 |
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 2 |
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 2 |
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |