Hide Navigation Hide TOC

MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)

MuddyWater is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at least 2017, MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, finance, defense, and oil and natural gas organizations, in the Middle East (specifically the UAE and Saudi Arabia), Asia, Africa, Europe, and North America. MuddyWater has reused domains dating back to October 2025, and has a preference for NameCheap and Hosterdaddy Private Limited (AS136557). In late 2025 and early 2026, MuddyWater used commercial satellite internet (i.e., Starlink) for command and control (C2) communication. (Citation: FalconFeeds_Iran_Mar2026)(Citation: Huntio_IranInfra_Mar2026)(Citation: Unit 42 MuddyWater Nov 2017)(Citation: Symantec MuddyWater Dec 2018)(Citation: ClearSky MuddyWater Nov 2018)(Citation: ClearSky MuddyWater June 2019)(Citation: Reaqta MuddyWater November 2017)(Citation: DHS CISA AA22-055A MuddyWater February 2022)(Citation: Talos MuddyWater Jan 2022)(Citation: NaumaanProofpoint_GlobalClickFix_April2025)(Citation: ESET_MuddyWater_Dec2025)(Citation: SymantecCarbonBlack_Seedworm_Mar2026)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	1
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	1
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
MuddyWater (a29af069-03c3-4534-b78b-7d1a77ea085b)	Threat Actor	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	1
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	1
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261)	mitre-tool	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b)	mitre-tool	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	1
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	1
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79)	mitre-tool	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54)	Malware	Delay Execution - T1678 (a1df809c-7d0e-459f-8fe5-25474bab770b)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
MuddyWater (a29af069-03c3-4534-b78b-7d1a77ea085b)	Threat Actor	Mango Sandstorm (da68ca6d-250f-50f1-a585-240475fdbb35)	Microsoft Activity Group actor	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	2
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	2
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883)	Malware	System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	2
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	2
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b)	mitre-tool	2
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b)	mitre-tool	2
RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	2
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	2
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe)	Malware	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5)	Attack Pattern	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Delay Execution - T1678 (a1df809c-7d0e-459f-8fe5-25474bab770b)	Attack Pattern	Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a)	Malware	2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747)	Attack Pattern	2
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160)	Attack Pattern	DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760)	Attack Pattern	2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6)	Attack Pattern	2
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d)	Malware	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519)	Attack Pattern	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37)	Malware	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	3
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	3
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	3
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	3
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3