| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) | Attack Pattern | 1 |
| SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | 1 |
| RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) | Attack Pattern | 1 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Build Image on Host - T1612 (800f9819-7007-4540-a520-40e655876800) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) | Attack Pattern | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) | Attack Pattern | 1 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) | Attack Pattern | 1 |
| Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | 1 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) | Attack Pattern | Network Segmentation - M1030 (86598de0-b347-4928-9eb0-0acbfc21908c) | Course of Action | 1 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) | Attack Pattern | 2 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) | Attack Pattern | Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) | Attack Pattern | 2 |
| SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) | Attack Pattern | Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | 2 |
| RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) | Attack Pattern | Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) | Attack Pattern | 2 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) | Attack Pattern | 2 |
| Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) | Attack Pattern | 2 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) | Attack Pattern | LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) | Attack Pattern | 2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | 2 |
| Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) | Attack Pattern | 2 |
| Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) | Attack Pattern | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 2 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) | Attack Pattern | Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) | Attack Pattern | 2 |
| Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) | Attack Pattern | Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | 2 |
| Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) | Attack Pattern | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 2 |