Hide Navigation Hide TOC

Application Log - DS0015 (40269753-26bd-437b-986e-159c66dec5e4)

Events collected by third-party services such as mail servers, web applications, or other appliances (not by the native OS or platform)(Citation: Confluence Logs)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Application Log - DS0015 (40269753-26bd-437b-986e-159c66dec5e4)	mitre-data-source	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	2
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414)	Attack Pattern	2
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	2
Serverless Execution - T1648 (e848506b-8484-4410-8017-3d235a52f5b3)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9)	Attack Pattern	Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)	mitre-data-component	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	3
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	3
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3)	Attack Pattern	Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	3
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858)	Attack Pattern	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	3
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9)	Attack Pattern	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6)	Attack Pattern	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	3
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	3
Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	3
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a)	Attack Pattern	3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	3
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc)	Attack Pattern	3
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	3