Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)

Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	1
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2