| Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Steal Application Access Token - T1635 (233fe2c0-cb41-4765-b454-e0087597fbce) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Remote Device Management Services - T1430.001 (9ef05e3d-52db-4c12-be4f-519214bbe91f) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Foreground Persistence - T1541 (648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| SSL Pinning - T1521.003 (dfafc230-5465-4993-8dc5-f51fa9fec002) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Replication Through Removable Media - T1458 (667e5707-3843-4da8-bd34-88b922526f0d) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Account Access Removal - T1640 (e2c2249a-eb82-4614-8dd4-9c514dde65e2) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Endpoint Denial of Service - T1642 (eb6cf439-1bcb-4d10-bc68-1eed844ed7b3) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242) |
Attack Pattern |
User Guidance - M1011 (653492e3-27be-4a0e-b08c-938dd2b7e0e1) |
Course of Action |
1 |
| Remote Device Management Services - T1430.001 (9ef05e3d-52db-4c12-be4f-519214bbe91f) |
Attack Pattern |
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) |
Attack Pattern |
2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) |
Attack Pattern |
2 |
| SSL Pinning - T1521.003 (dfafc230-5465-4993-8dc5-f51fa9fec002) |
Attack Pattern |
Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) |
Attack Pattern |
2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) |
Attack Pattern |
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) |
Attack Pattern |
2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) |
Attack Pattern |
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) |
Attack Pattern |
2 |
| Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) |
Attack Pattern |
Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) |
Attack Pattern |
2 |
| Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) |
Attack Pattern |
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) |
Attack Pattern |
2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) |
Attack Pattern |
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) |
Attack Pattern |
2 |
| Steal Application Access Token - T1635 (233fe2c0-cb41-4765-b454-e0087597fbce) |
Attack Pattern |
URI Hijacking - T1635.001 (789ef15a-34d9-4b32-a779-8cbbc9eb32f5) |
Attack Pattern |
2 |
| Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) |
Attack Pattern |
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) |
Attack Pattern |
2 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) |
Attack Pattern |
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) |
Attack Pattern |
2 |
| Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) |
Attack Pattern |
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) |
Attack Pattern |
2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) |
Attack Pattern |
2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) |
Attack Pattern |
2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) |
Attack Pattern |
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) |
Attack Pattern |
2 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3) |
Attack Pattern |
2 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) |
Attack Pattern |
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) |
Attack Pattern |
2 |
| Prevent Application Removal - T1629.001 (dc01774a-d1c1-45fb-b506-0a5d1d6593d9) |
Attack Pattern |
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) |
Attack Pattern |
2 |