Skip to content

Hide Navigation Hide TOC

TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)

TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Linux and Mac Permissions - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 1
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 1
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 1
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 1
Clear Linux or Mac System Logs - T1685.006 (5e29d64d-2b14-4f92-875e-4c9c498e213c) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Linux and Mac Permissions - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) Attack Pattern 2
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Clear Linux or Mac System Logs - T1685.006 (5e29d64d-2b14-4f92-875e-4c9c498e213c) Attack Pattern Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3