Skip to content

Hide Navigation Hide TOC

TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)

TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Cluster A Galaxy A Cluster B Galaxy B Level
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 1
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca) Intrusion Set 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27) mitre-tool 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156) Attack Pattern 2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern 2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221) mitre-tool 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783) Attack Pattern Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 2
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99) Attack Pattern 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120) Malware 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3