Skip to content

Hide Navigation Hide TOC

APT33 (8f6f8a49-8a22-4494-a4c0-5a341444339a)

APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.

Cluster A Galaxy A Cluster B Galaxy B Level
APT33 (8f6f8a49-8a22-4494-a4c0-5a341444339a) Groups APT33 (4f69ec6d-cb6b-42af-b8e2-920a2aa4be10) Threat Actor 1
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set APT33 (4f69ec6d-cb6b-42af-b8e2-920a2aa4be10) Threat Actor 2
APT33 (4f69ec6d-cb6b-42af-b8e2-920a2aa4be10) Threat Actor Private Cluster (accd848b-b8f4-46ba-a408-9063b35cfbf2) Unknown 2
APT33 (4f69ec6d-cb6b-42af-b8e2-920a2aa4be10) Threat Actor Peach Sandstorm (4c0f085a-70b1-5ee6-a45a-dc368f03e701) Microsoft Activity Group actor 2
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set AutoIt backdoor - S0129 (f5352566-1a64-49ac-8f7f-97e1d1a03300) Malware 3
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
Ruler - S0358 (90ac9266-68ce-46f2-b24f-5eb3b2a8ea38) mitre-tool APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
APT33 - G0064 (fbd29c89-18ba-4c2d-b792-51c0adee049f) Intrusion Set Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 4
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware TURNEDUP (fab34d66-5668-460a-bc0f-250b9417cdbf) Malpedia 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
TURNEDUP - S0199 (db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 4
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern AutoIt backdoor - S0129 (f5352566-1a64-49ac-8f7f-97e1d1a03300) Malware 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern AutoIt backdoor - S0129 (f5352566-1a64-49ac-8f7f-97e1d1a03300) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AutoIt backdoor - S0129 (f5352566-1a64-49ac-8f7f-97e1d1a03300) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern AutoIt backdoor - S0129 (f5352566-1a64-49ac-8f7f-97e1d1a03300) Malware 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
DEADWOOD - S1134 (f2e6af17-3828-4f10-88e7-343591618ddb) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
Ruler - S0358 (90ac9266-68ce-46f2-b24f-5eb3b2a8ea38) mitre-tool Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 4
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern Ruler - S0358 (90ac9266-68ce-46f2-b24f-5eb3b2a8ea38) mitre-tool 4
Ruler - S0358 (90ac9266-68ce-46f2-b24f-5eb3b2a8ea38) mitre-tool Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 4
Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern Ruler - S0358 (90ac9266-68ce-46f2-b24f-5eb3b2a8ea38) mitre-tool 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware 4
POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern POWERTON - S0371 (e85cae1a-bce3-4ac4-b36b-b00acac0567b) Malware 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 4
NanoCore - S0336 (b4d80f8b-d2b9-4448-8844-4bef777ed676) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 4
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 5
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 5
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 5
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605) Attack Pattern 5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 5
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 5
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 5
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern 5
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 5
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 5
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 5
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5