Skip to content

Hide Navigation Hide TOC

Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)

Lazarus group is a suspected North Korean adversary group that has targeted networks associated with civilian electric energy in Europe, East Asia, and North America. Links have been established associating this group with the WannaCry ransomware from 2017.3 While WannaCry was not an ICS focused attack, Lazarus group is considered to be a threat to ICS. North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea. Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.

Cluster A Galaxy A Cluster B Galaxy B Level
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef) Groups 1
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8) Microsoft Activity Group actor 2
Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b) Microsoft Activity Group actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e) Threat Actor 2
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 3
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 3
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 3
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 4
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 4
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d) Tool 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b) Tool SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576) Tool SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04) Tool WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f) Tool CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa) Tool 5
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72) Tool HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97) Tool 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern 5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 5
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 5
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 5
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 5
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 5
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 5
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 6
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 6
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 6
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 6
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 6
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 6
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 6
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 6
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 6
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 6
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 6
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 6
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 6
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 6
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 6
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 6
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 6