| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
1 |
| Multi-factor Authentication - M1032 (b045d015-6bed-4490-bd38-56b41ece59a0) |
Course of Action |
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
1 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Additional Container Cluster Roles - T1098.006 (35d30338-5bfa-41b0-a170-ec06dfd75f64) |
Attack Pattern |
2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) |
Attack Pattern |
2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
2 |
| Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) |
Attack Pattern |
Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) |
Attack Pattern |
2 |
| Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
2 |
| Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| Additional Cloud Credentials - T1098.001 (8a2f40cf-8325-47f9-96e4-b1ca4c7389bd) |
Attack Pattern |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
2 |
| Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) |
Attack Pattern |
2 |
| Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) |
Attack Pattern |
2 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
2 |
| Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
2 |
| SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
2 |