Hide Navigation Hide TOC

APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)

APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which APT38 stole $81 million, as well as attacks against Bancomext (Citation: FireEye APT38 Oct 2018) and Banco de Chile (Citation: FireEye APT38 Oct 2018); some of their attacks have been destructive.(Citation: CISA AA20-239A BeagleBoyz August 2020)(Citation: FireEye APT38 Oct 2018)(Citation: DOJ North Korea Indictment Feb 2021)(Citation: Kaspersky Lazarus Under The Hood Blog 2017)

North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)	Groups	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	STARDUST CHOLLIMA (d8e1762a-0063-48c2-9ea1-8d176d14b70f)	Threat Actor	3
Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8)	Microsoft Activity Group actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b)	Microsoft Activity Group actor	3
TraderTraitor (825abfd9-7238-4438-a9e7-c08791f4df4e)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	4
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	5
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	5
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	5
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	5
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	5
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	5
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	5
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	5
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	5
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	5
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	5
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	5
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	5
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	5
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576)	Tool	6
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04)	Tool	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f)	Tool	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	6
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	6
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	6
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa)	Tool	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72)	Tool	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	6
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	6
KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97)	Tool	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	6
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	6
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	6
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d)	Tool	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	6
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	6
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	6
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	6
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	6
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	6
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	6
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	6
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	6
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	6
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	6
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b)	Tool	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	6
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	6
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	6
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	6
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	6
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	6
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	6
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	6
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	6
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	6
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	6
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	6
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	6
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	6
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	6
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	6
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	6
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	7
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	7
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	7
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	7
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	7
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	7
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	7
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	7
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	7
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	7
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	7