SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
1 |
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
1 |
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) |
Attack Pattern |
1 |
Cloud Service Dashboard - T1538 (e49920b0-6c54-40c1-9571-73723653205f) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
1 |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
1 |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
1 |
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
1 |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) |
Attack Pattern |
1 |
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
1 |
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) |
Attack Pattern |
1 |
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
1 |
Configuration Inventory (ad7ad696-4506-533e-815b-bf592e6bda72) |
MITRE D3FEND |
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
1 |
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
2 |
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
2 |
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
2 |
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
2 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
2 |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) |
Attack Pattern |
2 |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
2 |
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
2 |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) |
Attack Pattern |
2 |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) |
Attack Pattern |
2 |
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) |
Attack Pattern |
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
2 |
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
2 |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) |
Attack Pattern |
2 |
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
2 |