WMI - DS0005 (2cd6cc81-d86e-4595-a4f0-43f5519f14e6)

The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers(Citation: Microsoft WMI System Classes)(Citation: Microsoft WMI Architecture)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	WMI - DS0005 (2cd6cc81-d86e-4595-a4f0-43f5519f14e6)	mitre-data-source	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	2
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
WMI Creation (05645013-2fed-4066-8bdc-626b2e201dd4)	mitre-data-component	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3