Skip to content

Hide Navigation Hide TOC

Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448)

Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.

Cluster A Galaxy A Cluster B Galaxy B Level
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 1
Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) Course of Action AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) Attack Pattern 1
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) Attack Pattern Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern 2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) Attack Pattern 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern 2
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 2
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern 2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) Attack Pattern 2