Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)

Lazarus group is a suspected North Korean adversary group that has targeted networks associated with civilian electric energy in Europe, East Asia, and North America. Links have been established associating this group with the WannaCry ransomware from 2017.[3] While WannaCry was not an ICS-focused attack, Lazarus group is considered to be a threat to ICS. North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea. Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.

Cluster A Galaxy A Cluster B Galaxy B Level
Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef) Groups Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 1
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e) Threat Actor 2
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 2
STARDUST CHOLLIMA (d8e1762a-0063-48c2-9ea1-8d176d14b70f) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8) Microsoft Activity Group actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor TraderTraitor (825abfd9-7238-4438-a9e7-c08791f4df4e) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b) Microsoft Activity Group actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 2
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 3
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors 3
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 4
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Prevent Command History Logging - T1690 (b831f51c-d22f-4724-bbab-60d056bd1150) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern 4
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576) Tool SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f) Tool CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 5
WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04) Tool WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa) Tool DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 5
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72) Tool 5
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97) Tool KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d) Tool POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 5
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b) Tool SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 5
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 5
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern 5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 5
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 5
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 5
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern 5
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 5
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 6
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 6
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 6
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 6
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 6
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 6
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 6
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 6
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 6
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 6
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 6
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 6
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 6
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 6
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 6
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 6
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 6
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 6
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 6
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 6
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 6
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 6
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 6