| RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Cloud Service Dashboard - T1538 (e49920b0-6c54-40c1-9571-73723653205f) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Direct Cloud VM Connections - T1021.008 (45241b9e-9bbc-4826-a2cc-78855e51ca09) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
1 |
| SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
1 |
| Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) |
Attack Pattern |
1 |
| Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
1 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) |
Attack Pattern |
1 |
| Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
Logon Session Creation (9ce98c86-8d30-4043-ba54-0784d478d0b5) |
mitre-data-component |
1 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) |
Attack Pattern |
2 |
| VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
2 |
| Direct Cloud VM Connections - T1021.008 (45241b9e-9bbc-4826-a2cc-78855e51ca09) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Domain Controller Authentication - T1556.001 (d4b96d2c-1032-4b22-9235-2b5b649d0605) |
Attack Pattern |
2 |
| SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) |
Attack Pattern |
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) |
Attack Pattern |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) |
Attack Pattern |
2 |
| Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) |
Attack Pattern |
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) |
Attack Pattern |
2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) |
Attack Pattern |
2 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) |
Attack Pattern |
2 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Pluggable Authentication Modules - T1556.003 (06c00069-771a-4d57-8ef5-d3718c1a8771) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
2 |
| Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) |
Attack Pattern |
2 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) |
Attack Pattern |
Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) |
Attack Pattern |
2 |
| SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |