| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
1 |
| Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Traffic Duplication - T1020.001 (7c46b364-8496-4234-8a56-f7e6727e21e1) |
Attack Pattern |
1 |
| Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
1 |
| Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
1 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) |
Attack Pattern |
1 |
| Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
1 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
1 |
| Encrypt Sensitive Information - M1041 (feff9142-e8c2-46f4-842b-bd6fb3d41157) |
Course of Action |
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) |
Attack Pattern |
1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
2 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
2 |
| Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) |
Attack Pattern |
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
2 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
2 |
| Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) |
Attack Pattern |
Traffic Duplication - T1020.001 (7c46b364-8496-4234-8a56-f7e6727e21e1) |
Attack Pattern |
2 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
2 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
2 |
| ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) |
Attack Pattern |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
2 |
| Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) |
Attack Pattern |
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) |
Attack Pattern |
2 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |