File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)

A computer resource object, managed by the I/O system, for storing data (such as images, text, videos, computer programs, or any wide variety of other media).(Citation: Microsoft File Mgmt)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)	mitre-data-source	1
File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)	mitre-data-source	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	1
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)	mitre-data-source	1
File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)	mitre-data-source	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	1
File - DS0022 (509ed41e-ca42-461e-9058-24602256daf9)	mitre-data-source	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	1
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e)	Attack Pattern	2
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Stripped Payloads - T1027.008 (2f41939b-54c3-41d6-8f8b-35f1ec18ed97)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	2
Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Right-to-Left Override - T1036.002 (77eae145-55db-4519-8ae5-77b0c7215d69)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	LNK Icon Smuggling - T1027.012 (887274fc-2d63-4bdc-82f3-fae56d1d5fdc)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
File Metadata (639e87f3-acb6-448a-9645-258f20da4bc5)	mitre-data-component	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	2
Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	2
File Access (235b7491-2d2b-4617-9a52-3c0783680f71)	mitre-data-component	Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Power Settings - T1653 (ea071aa0-8f17-416f-ab0d-2bab7e79003d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
File Modification (84572de3-9583-4c73-aabd-06ea88123dd8)	mitre-data-component	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	2
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	2
File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	2
File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
File Deletion (e905dad2-00d6-477c-97e8-800427abd0e8)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	2
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	2
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
LNK Icon Smuggling - T1027.012 (887274fc-2d63-4bdc-82f3-fae56d1d5fdc)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	2
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	2
Direct Volume Access - T1006 (0c8ab3eb-df48-4b9c-ace7-beacaac81cc5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	2
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Container Orchestration Job - T1053.007 (1126cab1-c700-412f-a510-61f4937bb096)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c)	mitre-data-component	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	3
Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
VBA Stomping - T1564.007 (c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	3
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Stripped Payloads - T1027.008 (2f41939b-54c3-41d6-8f8b-35f1ec18ed97)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	3
Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	3
Right-to-Left Override - T1036.002 (77eae145-55db-4519-8ae5-77b0c7215d69)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	LNK Icon Smuggling - T1027.012 (887274fc-2d63-4bdc-82f3-fae56d1d5fdc)	Attack Pattern	3
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Exfiltration Over Other Network Medium - T1011 (51ea26b1-ff1e-4faa-b1a0-1114cd298c87)	Attack Pattern	Exfiltration Over Bluetooth - T1011.001 (613d08bc-e8f4-4791-80b0-c8b974340dfd)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	3
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3)	Attack Pattern	3
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	3
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	3
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	3
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	3
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	3
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	3
Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8)	Attack Pattern	Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	3
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8)	Attack Pattern	Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	3
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	3
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754)	Attack Pattern	Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f)	Attack Pattern	3
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754)	Attack Pattern	Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	3
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	3
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	3
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	3
MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	3
File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Container Orchestration Job - T1053.007 (1126cab1-c700-412f-a510-61f4937bb096)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3