Hide Navigation Hide TOC

Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)

Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures(Citation: Microsoft Processes and Threads)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	1
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Process - DS0009 (e8b8ede7-337b-4c0c-8c32-5c7872c1ee22)	mitre-data-source	1
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	2
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	2
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	IDE Tunneling - T1219.001 (77e29a47-e263-4f11-8692-e5012f44dbac)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	JamPlus - T1127.003 (7d356151-a69d-404e-896b-71618952702a)	Attack Pattern	2
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8)	Attack Pattern	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Bandwidth Hijacking - T1496.002 (718cb208-6446-4572-a2f0-9c799c60091e)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	2
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	XSL Script Processing - T1220 (ebbe170d-aa74-4946-8511-9921243415a3)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414)	Attack Pattern	2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Log Enumeration - T1654 (866d0d6d-02c6-42bd-aa2f-02907fdc0969)	Attack Pattern	2
Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	2
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Input Injection - T1674 (63e3d25c-d57d-407d-8e6a-2cecd71f90be)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Extended Attributes - T1564.014 (762e6f29-a62f-4d96-91ed-d0073181431f)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Process Creation (3d20385b-24ef-40e1-9f56-f39750379077)	mitre-data-component	Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	2
Process Modification (d5fca4e4-e47a-487b-873f-3d22f8865e96)	mitre-data-component	Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	2
Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	Exclusive Control - T1668 (dff263cc-328e-42b4-afbc-1fee8b6a8913)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	2
Process Termination (61f1d40e-f3d0-4cc6-aa2d-937b6204194f)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
XPC Services - T1559.003 (8252f135-ed26-4ce1-ae61-f26e94429a19)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Process Access (1887a270-576a-4049-84de-ef746b2572d6)	mitre-data-component	2
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Virtualization Solution - T1670 (8e097ec5-1755-41d6-807c-3882442b818a)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	2
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	2
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Bind Mounts - T1564.013 (5bd41255-a224-4425-a2e2-e9d293eafe1c)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
OS API Execution (9bde2f9d-a695-4344-bfac-f2dce13d121e)	mitre-data-component	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	2
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)	mitre-data-component	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	3
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21)	Attack Pattern	3
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
AppleScript - T1059.002 (37b11151-1776-4f8f-b328-30939fbf2ceb)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	3
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58)	Attack Pattern	System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
SyncAppvPublishingServer - T1216.002 (e6f19759-dde3-47fc-99cc-d9f5fa4ade60)	Attack Pattern	System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe)	Attack Pattern	3
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
IDE Tunneling - T1219.001 (77e29a47-e263-4f11-8692-e5012f44dbac)	Attack Pattern	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	3
ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c)	Attack Pattern	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	JamPlus - T1127.003 (7d356151-a69d-404e-896b-71618952702a)	Attack Pattern	3
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	Browser Extensions - T1176.001 (278716b1-61ce-4a74-8d17-891d0c494101)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	InstallUtil - T1218.004 (2cd950a6-16c4-404a-aa01-044322395107)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	3
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	3
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	3
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
IDE Extensions - T1176.002 (66b34be7-6915-4b83-8d5a-b0f0592b5e41)	Attack Pattern	Software Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	3
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	3
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	3
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mavinject - T1218.013 (1bae753e-8e52-4055-a66d-2ead90303ca9)	Attack Pattern	3
Spoof Security Alerting - T1562.011 (bef8aaee-961d-4359-a308-4c2182bcedff)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407)	Attack Pattern	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	3
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	3
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	3
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Bandwidth Hijacking - T1496.002 (718cb208-6446-4572-a2f0-9c799c60091e)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	3
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Elevated Execution with Prompt - T1548.004 (b84903f0-c7d5-435d-a69e-de47cc3578c0)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	3
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
Electron Applications - T1218.015 (561ae9aa-c28a-4144-9eec-e7027a14c8c3)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	3
Break Process Trees - T1036.009 (34a80bc4-80f2-46e6-94ff-f3265a4b657c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Extended Attributes - T1564.014 (762e6f29-a62f-4d96-91ed-d0073181431f)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	3
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8)	Attack Pattern	3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Udev Rules - T1546.017 (f4c3f644-ab33-433d-8648-75cc03a95792)	Attack Pattern	3
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	3
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Thread Local Storage - T1055.005 (e49ee9d2-0d98-44ef-85e5-5d3100065744)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Ptrace System Calls - T1055.008 (ea016b56-ae0e-47fe-967a-cc0ad51af67f)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
ListPlanting - T1055.015 (eb2cb5cb-ae87-4de0-8c35-da2a17aafb99)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Securityd Memory - T1555.002 (1a80d097-54df-41d8-9d33-34e755ec5e72)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	3
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	XPC Services - T1559.003 (8252f135-ed26-4ce1-ae61-f26e94429a19)	Attack Pattern	3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	3
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	3
Process Doppelgänging - T1055.013 (7007935a-a8a7-4c0b-bd98-4e85be8ed197)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	VDSO Hijacking - T1055.014 (98be40f2-c86b-4ade-b6fc-4964932040e5)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	3
Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Bind Mounts - T1564.013 (5bd41255-a224-4425-a2e2-e9d293eafe1c)	Attack Pattern	3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	3