| Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) |
Attack Pattern |
1 |
| HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) |
Attack Pattern |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
1 |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| LNK Icon Smuggling - T1027.012 (887274fc-2d63-4bdc-82f3-fae56d1d5fdc) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
1 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
1 |
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
1 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
1 |
| XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
1 |
| Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) |
Attack Pattern |
1 |
| Direct Volume Access - T1006 (0c8ab3eb-df48-4b9c-ace7-beacaac81cc5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) |
Attack Pattern |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
1 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
1 |
| Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb) |
Attack Pattern |
1 |
| LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
1 |
| Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Container Orchestration Job - T1053.007 (1126cab1-c700-412f-a510-61f4937bb096) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
File Creation (2b3bfe19-d59a-460d-93bb-2f546adc2d2c) |
mitre-data-component |
1 |
| Double File Extension - T1036.007 (11f29a39-0942-4d62-92b6-fe236cf3066e) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) |
Attack Pattern |
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
2 |
| Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) |
Attack Pattern |
2 |
| Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
2 |
| Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
2 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) |
Attack Pattern |
2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
LNK Icon Smuggling - T1027.012 (887274fc-2d63-4bdc-82f3-fae56d1d5fdc) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
2 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
2 |
| Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
2 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) |
Attack Pattern |
2 |
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| MMC - T1218.014 (ffbcfdb0-de22-4106-9ed3-fc23c8a01407) |
Attack Pattern |
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) |
Attack Pattern |
2 |
| Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
2 |
| AppDomainManager - T1574.014 (356662f7-e315-4759-86c9-6214e2a50ff8) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) |
Attack Pattern |
2 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
2 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) |
Attack Pattern |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d) |
Attack Pattern |
2 |
| Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
2 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Resource Forking - T1564.009 (b22e5153-ac28-4cc6-865c-2054e36285cb) |
Attack Pattern |
2 |
| LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
2 |
| File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) |
Attack Pattern |
2 |
| DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
2 |
| Print Processors - T1547.012 (2de47683-f398-448f-b947-9abcc3e32fad) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
2 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
2 |
| Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) |
Attack Pattern |
2 |
| Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) |
Attack Pattern |
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
2 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) |
Attack Pattern |
2 |
| Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
2 |
| Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| Container Orchestration Job - T1053.007 (1126cab1-c700-412f-a510-61f4937bb096) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
2 |