Skip to content

Hide Navigation Hide TOC

TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)

TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern 2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 3
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 3