Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa)

Application Log Content refers to logs generated by applications or services, providing a record of their activity. These logs may include metrics, errors, performance data, and operational alerts from web, mail, or other applications. These logs are vital for monitoring application behavior and detecting malicious activities or anomalies. Examples:

  • Web Application Logs: These logs include information about requests, responses, errors, and security events (e.g., unauthorized access attempts).
  • Email Application Logs: Logs contain metadata about emails sent, received, or blocked (e.g., sender/receiver addresses, message IDs).
  • SaaS Application Logs: Activity logs include user logins, configuration changes, and access to sensitive resources.
  • Cloud Application Logs: Logs detail control plane activities, including API calls, instance modifications, and network changes.
  • System/Application Monitoring Logs: Logs provide insights into application performance, errors, and anomalies.

This data component can be collected through the following measures:

Configure Application Logging

  • Enable logging within the application or service.
  • Examples:
    • Web Servers: Enable access and error logs in NGINX or Apache.
    • Email Systems: Enable audit logging in Microsoft Exchange or Gmail.

Centralized Log Management

  • Use log management solutions like Splunk, or a cloud-native logging solution.
  • Configure the application to send logs to a centralized system for analysis.

Cloud-Specific Collection

  • Use services like AWS CloudWatch, Azure Monitor, or Google Cloud Operations Suite for cloud-based applications.
  • Ensure logging is enabled for all critical resources (e.g., API calls, IAM changes).

SIEM Integration

  • Integrate application logs with a SIEM platform (e.g., Splunk, QRadar) for real-time correlation and analysis.
  • Use parsers to standardize log formats and extract key fields like timestamps, user IDs, and error codes.
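
The parser step in the SIEM Integration list above, as an added example that is not part of the original page: it maps a web access log line (NGINX/Apache combined format) and a JSON SaaS audit event onto one schema with UTC timestamps. The JSON field names (`time`, `actor`, `ip`, `event`, `status`) and all sample lines are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# NGINX/Apache "combined" access log layout.
COMBINED = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def _utc(ts):
    """Render a datetime as an ISO 8601 UTC string; naive values are assumed UTC."""
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc).isoformat()

def parse_web(line):
    """Normalize one combined-format access log line, or return None."""
    m = COMBINED.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {
        "timestamp": _utc(ts), "source": "web",
        "user": None if m["user"] == "-" else m["user"],
        "src_ip": m["src"], "action": f'{m["method"]} {m["path"]}',
        "status": int(m["status"]),
    }

def parse_saas(line):
    """Normalize one JSON audit event (assumed schema), or return None."""
    try:
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        return {
            "timestamp": _utc(ts), "source": "saas", "user": ev.get("actor"),
            "src_ip": ev.get("ip"), "action": ev["event"],
            "status": ev.get("status"),
        }
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def normalize_all(lines):
    """Return (events sorted by UTC time, lines that no parser accepted)."""
    events, rejected = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_saas(line) if line.startswith("{") else parse_web(line)
        if ev is None:
            rejected.append(line)  # unparsed lines are a visibility gap: track them
        else:
            events.append(ev)
    events.sort(key=lambda e: e["timestamp"])
    return events, rejected

# Constructed sample input: two web lines, one SaaS event, one malformed line.
SAMPLE = [
    '203.0.113.7 - - [01/May/2024:10:15:00 +0200] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"',
    '198.51.100.4 - alice [01/May/2024:08:14:30 +0000] "GET /admin HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '{"time": "2024-05-01T08:16:02Z", "actor": "bob@example.com", "ip": "203.0.113.7", "event": "mfa.disable", "status": 403}',
    'truncated entry with no recognizable fields',
]

if __name__ == "__main__":
    events, rejected = normalize_all(SAMPLE)
    for ev in events:
        print(ev)
    print("rejected:", len(rejected))
```

Converting every timestamp to UTC before sorting is what lets events from sources in different time zones line up for correlation; the rejected list should be monitored so that a format change does not silently drop events.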

Cluster A Galaxy A Cluster B Galaxy B Level
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Bombing - T1667 (bed81616-3dde-4685-be6e-ba9820f9a7ed) Attack Pattern 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hardware Additions - T1200 (d40239b3-05ff-46d8-9bdd-b46d13463ef9) Attack Pattern 1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 1
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern 1
Polymorphic Code - T1027.014 (b577dfc1-0177-4522-8d5a-782127c8592b) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 1
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Cloud Service Hijacking - T1496.004 (924d273c-be0d-4d8d-af58-2dddb15ef1e2) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 1
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component ESXi Administration Command - T1675 (31e5011f-090e-45be-9bb6-17a1c5e8219b) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Impersonation - T1656 (c9e0c59e-162e-40a4-b8b1-78fab4329ada) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 1
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 1
SMS Pumping - T1496.003 (130d4494-b2d6-4040-bcea-6e59f05222fe) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 1
Email Spoofing - T1672 (e1c2db92-7ae3-4e6a-90b4-157c1c1565cb) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern 1
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 1
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Serverless Execution - T1648 (e848506b-8484-4410-8017-3d235a52f5b3) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component vSphere Installation Bundles - T1505.006 (f8ba7d61-11c5-4130-bafd-7c3ff5fbf4b5) Attack Pattern 1
Application Log Content (9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa) mitre-data-component External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 2
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 2
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) Attack Pattern 2
Polymorphic Code - T1027.014 (b577dfc1-0177-4522-8d5a-782127c8592b) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 2
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Cloud Service Hijacking - T1496.004 (924d273c-be0d-4d8d-af58-2dddb15ef1e2) Attack Pattern Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 2
Exfiltration Over Webhook - T1567.004 (43f2776f-b4bd-4118-94b8-fee47e69676d) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Service - T1598.001 (f870408c-b1cd-49c7-a5c7-0ef0fc496cc6) Attack Pattern 2
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 2
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Customer Relationship Management Software - T1213.004 (bbfbb096-6561-4d7d-aa2c-a5ee8e44c696) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 2
SMS Pumping - T1496.003 (130d4494-b2d6-4040-bcea-6e59f05222fe) Attack Pattern Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern SQL Stored Procedures - T1505.001 (f9e9365a-9ca2-4d9c-8e7c-050d73d1101a) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Voice - T1566.004 (bb5e59c4-abe7-40c7-8196-e373cb1e5974) Attack Pattern 2
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) Attack Pattern 2
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern vSphere Installation Bundles - T1505.006 (f8ba7d61-11c5-4130-bafd-7c3ff5fbf4b5) Attack Pattern 2