| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
1 |
| Restrict File and Directory Permissions - M1022 (987988f0-cf86-4680-a875-2f6456ab2448) |
Course of Action |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
1 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
2 |
| NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
| Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
2 |
| Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
2 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
2 |
| Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
2 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
2 |
| Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
| Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) |
Attack Pattern |
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
2 |
| Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
2 |
| RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) |
Attack Pattern |
2 |
| AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) |
Attack Pattern |
2 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
2 |
| Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
2 |
| Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) |
Attack Pattern |
2 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |