Hide Navigation Hide TOC

Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)

Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures(Citation: Microsoft Processes and Threads)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	1
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	1
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	1
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	1
XPC Services - T1559.003 (8252f135-ed26-4ce1-ae61-f26e94429a19)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	2
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	2
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Virtualization Solution - T1670 (8e097ec5-1755-41d6-807c-3882442b818a)	Attack Pattern	2
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Bind Mounts - T1564.013 (5bd41255-a224-4425-a2e2-e9d293eafe1c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	2
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	2
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	IDE Tunneling - T1219.001 (77e29a47-e263-4f11-8692-e5012f44dbac)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	2
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	2
JamPlus - T1127.003 (7d356151-a69d-404e-896b-71618952702a)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41)	Attack Pattern	2
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	2
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	2
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Bandwidth Hijacking - T1496.002 (718cb208-6446-4572-a2f0-9c799c60091e)	Attack Pattern	2
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	2
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	2
Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	2
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	2
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	2
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Input Injection - T1674 (63e3d25c-d57d-407d-8e6a-2cecd71f90be)	Attack Pattern	2
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Extended Attributes - T1564.014 (762e6f29-a62f-4d96-91ed-d0073181431f)	Attack Pattern	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	2
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Exclusive Control - T1668 (dff263cc-328e-42b4-afbc-1fee8b6a8913)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	XPC Services - T1559.003 (8252f135-ed26-4ce1-ae61-f26e94429a19)	Attack Pattern	3
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	3
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	3
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	3
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	3
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	3
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	3
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	3
Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	3
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Bind Mounts - T1564.013 (5bd41255-a224-4425-a2e2-e9d293eafe1c)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	3
Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	3
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	3
Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	3
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	3
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	3
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	3
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58)	Attack Pattern	3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	3
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	IDE Tunneling - T1219.001 (77e29a47-e263-4f11-8692-e5012f44dbac)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	3
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	3
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	JamPlus - T1127.003 (7d356151-a69d-404e-896b-71618952702a)	Attack Pattern	3
Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	3
InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	3
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	3
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	3
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	3
MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	3
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Bandwidth Hijacking - T1496.002 (718cb208-6446-4572-a2f0-9c799c60091e)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	3
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	3
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	3
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	3
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	3
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	3
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	3
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Extended Attributes - T1564.014 (762e6f29-a62f-4d96-91ed-d0073181431f)	Attack Pattern	3
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	3
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3