| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Plist File Modification - T1647 (7d20fff9-8751-404e-badd-ccd71bda0236) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Power Settings - T1653 (ea071aa0-8f17-416f-ab0d-2bab7e79003d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) |
Attack Pattern |
1 |
| File Modification (84572de3-9583-4c73-aabd-06ea88123dd8) |
mitre-data-component |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
1 |
| Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
| At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Login Hook - T1037.002 (43ba2b05-cf72-4b6c-8243-03a4aba41ee0) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) |
Attack Pattern |
2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
2 |
| Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) |
Attack Pattern |
2 |
| Disable or Modify Linux Audit System - T1562.012 (562e9b64-7239-493d-80f4-2bff900d9054) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
| RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) |
Attack Pattern |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) |
Attack Pattern |
2 |
| Systemd Timers - T1053.006 (a542bac9-7bc1-4da7-9a09-96f69e23cc21) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) |
Attack Pattern |
2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) |
Attack Pattern |
2 |
| System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) |
Attack Pattern |
2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Proc Memory - T1055.009 (d201d4cc-214d-4a74-a1ba-b3fa09fd4591) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) |
Attack Pattern |
2 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
2 |
| Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
2 |
| Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) |
Attack Pattern |
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Trap - T1546.005 (63220765-d418-44de-8fae-694b3912317d) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) |
Attack Pattern |
2 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) |
Attack Pattern |
2 |
| SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
2 |
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
2 |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) |
Attack Pattern |
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Device Authentication - T1556.004 (fa44a152-ac48-441e-a524-dd7b04b8adcd) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
| Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) |
Attack Pattern |
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) |
Attack Pattern |
2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) |
Attack Pattern |
2 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Re-opened Applications - T1547.007 (e5cc9e7a-e61a-46a1-b869-55fb6eab058e) |
Attack Pattern |
2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
LC_LOAD_DYLIB Addition - T1546.006 (10ff21b9-5a01-4268-a1b5-3b55015f1847) |
Attack Pattern |
2 |
| Reduce Key Space - T1600.001 (3a40f208-a9c1-4efa-a598-4003c3681fb8) |
Attack Pattern |
Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
TCC Manipulation - T1548.006 (e8a0a025-3601-4755-abfb-8d08283329fb) |
Attack Pattern |
2 |
| Weaken Encryption - T1600 (1f9012ef-1e10-4e48-915e-e03563435fe8) |
Attack Pattern |
Disable Crypto Hardware - T1600.002 (7efba77e-3bc4-4ca5-8292-d8201dcd64b5) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
2 |
| Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
2 |
| DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) |
Attack Pattern |
2 |
| Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) |
Attack Pattern |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) |
Attack Pattern |
2 |
| Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) |
Attack Pattern |
2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) |
Attack Pattern |
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) |
Attack Pattern |
2 |
| Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) |
Attack Pattern |
2 |
| Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) |
Attack Pattern |
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
Web Portal Capture - T1056.003 (69e5226d-05dc-4f15-95d7-44f5ed78d06e) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) |
Attack Pattern |
2 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) |
Attack Pattern |
2 |