| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) |
Attack Pattern |
1 |
| Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
1 |
| Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) |
Attack Pattern |
1 |
| Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) |
Attack Pattern |
1 |
| Firmware Corruption - T1495 (f5bb433e-bdf6-4781-84bc-35e97e43be89) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
1 |
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) |
Attack Pattern |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
1 |
| Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
1 |
| SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
Update Software - M1051 (e5d930e9-775a-40ad-9bdb-b941d8dfe86b) |
Course of Action |
1 |
| Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) |
Attack Pattern |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
2 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
| Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
2 |
| System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) |
Attack Pattern |
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
2 |
| Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) |
Attack Pattern |
Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) |
Attack Pattern |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
2 |
| Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) |
Attack Pattern |
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) |
Attack Pattern |
2 |
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) |
Attack Pattern |
2 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
2 |
| SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
2 |