Hide Navigation Hide TOC

Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)

Attaching a module into the memory of a process/program, typically to access shared resources/features provided by the module (ex: Sysmon EID 7)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	1
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3)	Attack Pattern	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	1
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	1
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	1
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	1
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	1
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Module Load (c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1)	mitre-data-component	1
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	2
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	2
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	2
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	2
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	2
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	2
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	2
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2