Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)

Application Log Content refers to logs generated by applications or services that record their activity. These logs may include metrics, errors, performance data, and operational alerts from web, mail, or other applications, and they are vital for monitoring application behavior and detecting malicious activity or anomalies. Examples:

  • Web Application Logs: These logs include information about requests, responses, errors, and security events (e.g., unauthorized access attempts).
  • Email Application Logs: Logs contain metadata about emails sent, received, or blocked (e.g., sender/receiver addresses, message IDs).
  • SaaS Application Logs: Activity logs include user logins, configuration changes, and access to sensitive resources.
  • Cloud Application Logs: Logs detail control plane activities, including API calls, instance modifications, and network changes.
  • System/Application Monitoring Logs: Logs provide insights into application performance, errors, and anomalies.

This data component can be collected through the following measures:

Configure Application Logging

  • Enable logging within the application or service.
  • Examples:
    • Web Servers: Enable access and error logs in NGINX or Apache.
    • Email Systems: Enable audit logging in Microsoft Exchange or Gmail.

Centralized Log Management

  • Use a log management solution such as Splunk, or a cloud-native logging solution.
  • Configure the application to send logs to a centralized system for analysis.

Cloud-Specific Collection

  • Use services like AWS CloudWatch, Azure Monitor, or Google Cloud Operations Suite for cloud-based applications.
  • Ensure logging is enabled for all critical resources (e.g., API calls, IAM changes).

SIEM Integration

  • Integrate application logs with a SIEM platform (e.g., Splunk, QRadar) for real-time correlation and analysis.
  • Use parsers to standardize log formats and extract key fields like timestamps, user IDs, and error codes.
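
The parser step under SIEM Integration, as an added example that is not part of the original page: it normalizes NGINX/Apache "combined" access-log lines and a JSON audit event into one schema with UTC timestamps, and keeps unparsable lines instead of dropping them. The JSON field names (time, actor, ip, event, result), the output schema and the sample lines are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# NGINX/Apache "combined" access log format:
# ip - user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def _utc(dt):
    """Render an aware datetime as a UTC ISO 8601 string."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_combined(line):
    """Parse one combined-format access log line, or return None."""
    m = COMBINED.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    code = int(m["status"])
    return {
        "timestamp": _utc(ts),
        "source": "web",
        "src_ip": m["ip"],
        "user": None if m["user"] == "-" else m["user"],  # "-" = no auth user
        "action": " ".join(m["request"].split()[:2]),     # method + path
        "outcome": "failure" if code >= 400 else "success",
        "code": code,
    }

def parse_audit_json(line):
    """Parse one JSON audit event (hypothetical schema), or return None."""
    try:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["time"])
        event = {
            "source": "saas", "src_ip": rec["ip"], "user": rec["actor"],
            "action": rec["event"], "outcome": rec["result"], "code": None,
        }
    except (ValueError, KeyError, TypeError):
        return None
    if ts.tzinfo is None:  # no UTC offset: cannot be placed on a shared timeline
        return None
    event["timestamp"] = _utc(ts)
    return event

PARSERS = (parse_combined, parse_audit_json)

def normalize(lines):
    """Return (events sorted by UTC time, lines no parser accepted)."""
    events, rejected = [], []
    for line in lines:
        event = next((e for e in (p(line) for p in PARSERS) if e), None)
        if event is None:
            rejected.append(line)  # surface parser gaps instead of hiding them
        else:
            events.append(event)
    events.sort(key=lambda e: e["timestamp"])
    return events, rejected

# Constructed sample input (documentation IP ranges, made-up users).
SAMPLE = [
    '203.0.113.7 - alice [01/May/2024:14:00:03 +0200] '
    '"POST /login HTTP/1.1" 401 512 "-" "curl/8.0"',
    '{"time": "2024-05-01T12:00:01+00:00", "actor": "alice", '
    '"ip": "203.0.113.7", "event": "mfa.disabled", "result": "success"}',
    '198.51.100.9 - - [01/May/2024:12:00:02 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    events, rejected = normalize(SAMPLE)
    for e in events:
        print(e)
    print("rejected:", rejected)
```

Converting every timestamp to UTC before sorting is what lets the web and SaaS events for the same user and source IP line up in one timeline.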
Cluster A Galaxy A Cluster B Galaxy B Level
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Bombing - T1667 (bed81616-3dde-4685-be6e-ba9820f9a7ed) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9) Attack Pattern 1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 1
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Polymorphic Code - T1027.014 (b577dfc1-0177-4522-8d5a-782127c8592b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Cloud Service Hijacking - T1496.004 (924d273c-be0d-4d8d-af58-2dddb15ef1e2) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 1
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 1
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component ESXi Administration Command - T1675 (31e5011f-090e-45be-9bb6-17a1c5e8219b) Attack Pattern 1
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
SMS Pumping - T1496.003 (130d4494-b2d6-4040-bcea-6e59f05222fe) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Spoofing - T1672 (e1c2db92-7ae3-4e6a-90b4-157c1c1565cb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern 1
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 1
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Serverless Execution - T1648 (e848506b-8484-4410-8017-3d235a52f5b3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1
Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
vSphere Installation Bundles - T1505.006 (f8ba7d61-11c5-4130-bafd-7c3ff5fbf4b5) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 2
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Polymorphic Code - T1027.014 (b577dfc1-0177-4522-8d5a-782127c8592b) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Cloud Service Hijacking - T1496.004 (924d273c-be0d-4d8d-af58-2dddb15ef1e2) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 2
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 2
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 2
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern SMS Pumping - T1496.003 (130d4494-b2d6-4040-bcea-6e59f05222fe) Attack Pattern 2
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern 2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 2
Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 2
vSphere Installation Bundles - T1505.006 (f8ba7d61-11c5-4130-bafd-7c3ff5fbf4b5) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2