Script - DS0012 (12c1e727-7fa4-49b6-af81-366ed2ce231e) |
mitre-data-source |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
1 |
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) |
Attack Pattern |
2 |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60) |
Attack Pattern |
2 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
2 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Script Execution (9f387817-df83-432a-b56b-a8fb7f71eedd) |
mitre-data-component |
2 |
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
3 |
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) |
Attack Pattern |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
3 |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
3 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
3 |
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) |
Attack Pattern |
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) |
Attack Pattern |
3 |
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
3 |
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) |
Attack Pattern |
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) |
Attack Pattern |
3 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) |
Attack Pattern |
3 |
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) |
Attack Pattern |
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) |
Attack Pattern |
3 |
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) |
Attack Pattern |
SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60) |
Attack Pattern |
3 |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
3 |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
3 |
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |