| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) |
Attack Pattern |
1 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
1 |
| Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) |
Attack Pattern |
1 |
| Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) |
Attack Pattern |
1 |
| Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) |
Attack Pattern |
1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
1 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) |
Attack Pattern |
1 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
1 |
| Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) |
mitre-tool |
1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
1 |
| TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) |
Intrusion Set |
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) |
Attack Pattern |
1 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) |
Attack Pattern |
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) |
Attack Pattern |
2 |
| Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) |
Attack Pattern |
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
2 |
| Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
2 |
| Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) |
Attack Pattern |
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) |
Attack Pattern |
2 |
| Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) |
Attack Pattern |
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
2 |
| LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) |
mitre-tool |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
| Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) |
Attack Pattern |
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
2 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) |
Attack Pattern |
2 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
2 |
| Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) |
Attack Pattern |
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) |
Attack Pattern |
2 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) |
Attack Pattern |
2 |
| Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) |
Attack Pattern |
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) |
mitre-tool |
2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
2 |
| User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) |
Attack Pattern |
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
2 |
| Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) |
Attack Pattern |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
2 |
| Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
2 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
2 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) |
Attack Pattern |
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
2 |
| Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) |
Malware |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
2 |
| Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
2 |
| Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
2 |
| Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) |
Attack Pattern |
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) |
Attack Pattern |
2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
| Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
2 |
| SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) |
Attack Pattern |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
2 |
| Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) |
mitre-tool |
2 |
| Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) |
Attack Pattern |
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) |
Attack Pattern |
2 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
3 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
3 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
3 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
3 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
3 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) |
Attack Pattern |
3 |
| Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) |
Attack Pattern |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
3 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
3 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) |
Attack Pattern |
3 |