| Modify Cloud Compute Configurations - T1578.005 (ca00366b-83a1-4c7b-a0ce-8ff950a7c87f) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Build Image on Host - T1612 (800f9819-7007-4540-a520-40e655876800) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Disable or Modify Cloud Firewall - T1562.007 (77532a55-c283-4cd2-bc5d-2d0b65e9d88c) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Implant Internal Image - T1525 (4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Create Snapshot - T1578.001 (ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Power Settings - T1653 (ea071aa0-8f17-416f-ab0d-2bab7e79003d) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) |
Attack Pattern |
Audit - M1047 (cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8) |
Course of Action |
1 |
| Modify Cloud Compute Configurations - T1578.005 (ca00366b-83a1-4c7b-a0ce-8ff950a7c87f) |
Attack Pattern |
Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
2 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
2 |
| At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) |
Attack Pattern |
2 |
| SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) |
Attack Pattern |
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
2 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
2 |
| Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
2 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
2 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
| ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) |
Attack Pattern |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) |
Attack Pattern |
2 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) |
Attack Pattern |
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) |
Attack Pattern |
2 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Disable or Modify Cloud Firewall - T1562.007 (77532a55-c283-4cd2-bc5d-2d0b65e9d88c) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
2 |
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
2 |
| Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c) |
Attack Pattern |
Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
2 |
| Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4) |
Attack Pattern |
2 |
| Create Snapshot - T1578.001 (ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1) |
Attack Pattern |
Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) |
Attack Pattern |
2 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
2 |
| Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
2 |
| TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) |
Attack Pattern |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
2 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) |
Attack Pattern |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
2 |
| Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022) |
Attack Pattern |
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
2 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
2 |
| Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
2 |
| DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) |
Attack Pattern |
2 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
2 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
2 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) |
Attack Pattern |
2 |