Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
1 |
XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) |
Attack Pattern |
1 |
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Plist Modification - T1547.011 (6747daa2-3533-4e78-8fb8-446ebb86448a) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
1 |
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) |
Attack Pattern |
1 |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Launchd - T1053.004 (8faedf87-dceb-4c35-b2a2-7286f59a3bc3) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
1 |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
1 |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
1 |
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
1 |
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Implant Internal Image - T1525 (4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) |
Attack Pattern |
1 |
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) |
Attack Pattern |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) |
Attack Pattern |
1 |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
1 |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
1 |
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) |
Attack Pattern |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
1 |
File Removal (2fdd5180-fa37-56eb-9c0c-d0a3d3de5887) |
MITRE D3FEND |
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) |
Attack Pattern |
1 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
2 |
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
2 |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
2 |
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
2 |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
2 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) |
Attack Pattern |
2 |
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
2 |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
Plist Modification - T1547.011 (6747daa2-3533-4e78-8fb8-446ebb86448a) |
Attack Pattern |
Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236) |
Attack Pattern |
2 |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
2 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) |
Attack Pattern |
2 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
2 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) |
Attack Pattern |
2 |
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
2 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) |
Attack Pattern |
2 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
2 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) |
Attack Pattern |
2 |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
2 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
2 |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
2 |
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Launchd - T1053.004 (8faedf87-dceb-4c35-b2a2-7286f59a3bc3) |
Attack Pattern |
2 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
2 |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
2 |
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) |
Attack Pattern |
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) |
Attack Pattern |
2 |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
2 |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
2 |
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
2 |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) |
Attack Pattern |
2 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
2 |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
2 |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
2 |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5) |
Attack Pattern |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
2 |
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
2 |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) |
Attack Pattern |
2 |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) |
Attack Pattern |
2 |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
2 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
2 |
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
2 |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
2 |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) |
Attack Pattern |
2 |