Skip to content

Hide Navigation Hide TOC

File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31)

Detecting any suspicious changes to files in a computer system.

Cluster A Galaxy A Cluster B Galaxy B Level
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 1
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) Attack Pattern 1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Plist Modification - T1547.011 (6747daa2-3533-4e78-8fb8-446ebb86448a) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 1
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 1
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Launchd - T1053.004 (8faedf87-dceb-4c35-b2a2-7286f59a3bc3) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern 1
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 1
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Implant Internal Image - T1525 (4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f) Attack Pattern 1
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern 1
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 1
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND 1
File Integrity Monitoring (a6c54822-7f49-5770-a99f-29af0d08bf31) MITRE D3FEND Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 2
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Plist Modification - T1547.011 (6747daa2-3533-4e78-8fb8-446ebb86448a) Attack Pattern Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236) Attack Pattern 2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 2
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern 2
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 2
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Launchd - T1053.004 (8faedf87-dceb-4c35-b2a2-7286f59a3bc3) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern 2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 2
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern 2
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2