Skip to content

Hide Navigation Hide TOC

Driver Load (3551476e-14f5-4e48-a518-e82135329e03)

Attaching a driver to either user or kernel-mode of a system (ex: Sysmon EID 6)

Cluster A Galaxy A Cluster B Galaxy B Level
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad) Attack Pattern 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 1
Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Driver Load (3551476e-14f5-4e48-a518-e82135329e03) mitre-data-component 1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2