Skip to content

Hide Navigation Hide TOC

File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)

Changes made to a file, or its access permissions and attributes, typically to alter the contents of the targeted file (ex: Windows EID 4670 or Sysmon EID 2)

Cluster A Galaxy A Cluster B Galaxy B Level
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8) Attack Pattern 1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Power Settings - T1653 (ea071aa0-8f17-416f-ab0d-2bab7e79003d) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 1
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 1
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 1
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 1
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e) Attack Pattern 1
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 1
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) Attack Pattern 1
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 1
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 1
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 1
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 1
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 1
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 1
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern 1
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 1
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236) Attack Pattern 1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) mitre-data-component 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 2
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) Attack Pattern Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8) Attack Pattern 2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) Attack Pattern 2
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) Attack Pattern Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5) Attack Pattern 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 2
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) Attack Pattern 2
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) Attack Pattern Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 2
Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 2
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) Attack Pattern 2
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) Attack Pattern 2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 2
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 2
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) Attack Pattern 2
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 2
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) Attack Pattern 2
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 2
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2