Hide Navigation Hide TOC

APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)

APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau.(Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which APT38 stole $81 million, as well as attacks against Bancomext (Citation: FireEye APT38 Oct 2018) and Banco de Chile (Citation: FireEye APT38 Oct 2018); some of their attacks have been destructive.(Citation: CISA AA20-239A BeagleBoyz August 2020)(Citation: FireEye APT38 Oct 2018)(Citation: DOJ North Korea Indictment Feb 2021)(Citation: Kaspersky Lazarus Under The Hood Blog 2017)

North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	1
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	1
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	1
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	2
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	2
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)	Groups	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e)	Threat Actor	3
Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8)	Microsoft Activity Group actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	3
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b)	Microsoft Activity Group actor	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	4
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	4
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	5
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	5
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	5
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	5
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	5
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	5
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	5
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	5
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	5
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	5
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	5
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	5
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	5
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	5
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	5
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	5
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b)	Tool	6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	6
SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576)	Tool	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	6
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	6
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04)	Tool	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	6
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f)	Tool	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa)	Tool	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	6
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	6
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	6
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	6
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	6
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	6
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72)	Tool	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97)	Tool	6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	6
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d)	Tool	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	6
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	6
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	6
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	6
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	6
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	6
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	6
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	6
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	6
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	6
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	6
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	6
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	6
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	6
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	6
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	6
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	6
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	6
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	7
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	7
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	7
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	7
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	7
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	7
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	7
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	7
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	7
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	7
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	7
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	7