User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)

None

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	Analytic 1316 - AN1316 (66107cd1-c123-4ad5-bb0b-62d8a9a451a6)	Analytics	1
User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	Analytic 1314 - AN1314 (dcd6253b-a986-4c8a-bd89-46389007ea83)	Analytics	1
User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	Analytic 1318 - AN1318 (e707cd33-8e20-4b1d-ad3f-fd3a3233fcdd)	Analytics	1
Analytic 1317 - AN1317 (3a6fdd1a-59c6-4f46-a761-0de502229da0)	Analytics	User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	1
User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	Analytic 1315 - AN1315 (a6e7697d-f0b8-4fcc-b32a-fec5b28cd8f7)	Analytics	1
User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) - DET0478 (70c9f174-2e96-4086-b59c-d2358e434f8e)	Detection Strategies	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	1