Skip to content

Hide Navigation Hide TOC

Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)

Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)

Cluster A Galaxy A Cluster B Galaxy B Level
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set ENERGETIC BEAR (64d6559c-6d5c-4585-bbf9-c17868f763ee) Threat Actor 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 2
Ghost Blizzard (45d0f984-2b63-517b-922a-12924bcf4f68) Microsoft Activity Group actor ENERGETIC BEAR (64d6559c-6d5c-4585-bbf9-c17868f763ee) Threat Actor 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d) Attack Pattern 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Havex RAT (d7183f66-59ec-4803-be20-237b442259fc) Tool Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d) Malware 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Havex RAT (d7183f66-59ec-4803-be20-237b442259fc) Tool Havex RAT (c04fc02e-f35a-44b6-a9b0-732bf2fc551a) Malpedia 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3