| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
1 |
| Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72) |
Attack Pattern |
Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) |
Attack Pattern |
1 |
| Data Inventory (9a661e49-0ad0-59ce-a2fe-0248b0bc04cd) |
MITRE D3FEND |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
1 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
2 |
| System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) |
Attack Pattern |
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) |
Attack Pattern |
2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
| Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) |
Attack Pattern |
2 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
2 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
2 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
| Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
2 |
| Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
| MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) |
Attack Pattern |
2 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) |
Attack Pattern |
2 |