WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)

Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	1
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	1
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	1
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	1
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2