Skip to content

Hide Navigation Hide TOC

Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)

Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)

Cluster A Galaxy A Cluster B Galaxy B Level
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Serverless Execution - T1648 (e848506b-8484-4410-8017-3d235a52f5b3) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 1
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 1
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 1
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern 1
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 1
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern 1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 1
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 2
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 2
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 2
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 2
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 2