APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)

APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau. (Citation: CISA AA20-239A BeagleBoyz August 2020) Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. Significant operations include the 2016 Bank of Bangladesh heist, during which APT38 stole $81 million, as well as attacks against Bancomext (Citation: FireEye APT38 Oct 2018) and Banco de Chile (Citation: FireEye APT38 Oct 2018); some of their attacks have been destructive. (Citation: CISA AA20-239A BeagleBoyz August 2020) (Citation: FireEye APT38 Oct 2018) (Citation: DOJ North Korea Indictment Feb 2021) (Citation: Kaspersky Lazarus Under The Hood Blog 2017)

North Korean group definitions are known to have significant overlap, and some security researchers report all North Korean state-sponsored cyber activity under the name Lazarus Group instead of tracking clusters or subgroups.

Cluster A Galaxy A Cluster B Galaxy B Level
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 1
Prevent Command History Logging - T1690 (b831f51c-d22f-4724-bbab-60d056bd1150) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 1
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 1
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 2
Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 2
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 2
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware 2
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
TraderTraitor (825abfd9-7238-4438-a9e7-c08791f4df4e) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b) Microsoft Activity Group actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef) Groups Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8) Microsoft Activity Group actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
STARDUST CHOLLIMA (d8e1762a-0063-48c2-9ea1-8d176d14b70f) Threat Actor Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 4
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 4
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 4
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 4
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 5
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 5
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 5
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern 5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 5
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 5
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 5
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 5
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 5
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 5
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 5
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 5
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 5
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern 5
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool 5
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 5
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 5
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 5
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 5
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 5
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 5
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 5
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 5
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 5
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 5
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 5
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 6
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 6
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 6
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern 6
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 6
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 6
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 6
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 6
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 6
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 6
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern 6
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 6
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 6
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 6
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT 6
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b) Tool 6
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 6
SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576) Tool SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 6
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 6
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 6
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f) Tool CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04) Tool WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa) Tool DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 6
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 6
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 6
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 6
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 6
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 6
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 6
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 6
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 6
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72) Tool HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 6
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97) Tool 6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 6
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 6
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 6
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 6
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 6
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d) Tool 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 6
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 6
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 7
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 7
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 7
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 7
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 7
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 7
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 7
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 7
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 7
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 7
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 7
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 7
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 7
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 7
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 7
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 7
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 7