Hide Navigation Hide TOC

FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)

FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has primarily targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, transportation, and utilities industries in the U.S. A portion of FIN7 was run out of a front company called Combi Security and often used point-of-sale malware for targeting efforts. Since 2020, FIN7 shifted operations to a big game hunting (BGH) approach including use of REvil ransomware and their own Ransomware as a Service (RaaS), Darkside. FIN7 may be linked to the Carbanak Group, but there appears to be several groups using Carbanak malware and are therefore tracked separately.(Citation: FireEye FIN7 March 2017)(Citation: FireEye FIN7 April 2017)(Citation: FireEye CARBANAK June 2017)(Citation: FireEye FIN7 Aug 2018)(Citation: CrowdStrike Carbon Spider August 2021)(Citation: Mandiant FIN7 Apr 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	1
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	1
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	TEXTMATE - S0146 (4f6aa78c-c3d4-4883-9840-96ca2f5d6d47)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	1
RDFSNIFFER - S0416 (065196de-d7e8-4888-acfb-b2134022ba1b)	Malware	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	FIN7 (00220228-a5a4-4032-a30d-826bb55aa3fb)	Threat Actor	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	1
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	1
FIN7 - G0046 (3753cc21-2dae-4dfb-8481-d004e74502cc)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
REvil - S0496 (ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	2
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	2
SQLRat - S0390 (8fc6c9e7-a162-4ca4-a488-f1819e9a7b06)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	2
Pillowmint - S0517 (bd7a9e13-69fa-4243-a5e5-04326a63f9f2)	Malware	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	2
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	2
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	BOOSTWRITE - S0415 (56d10a7f-bb42-4267-9b4c-63abb9c06010)	Malware	2
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Maze - S0449 (d9f7383c-95ec-4080-bbce-121c9384457b)	Malware	2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
DNSMessenger (ee8ccb36-2596-43a3-a044-b8721dbeb2ab)	RAT	POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	DNSMessenger (b376580e-aba1-4ac9-9c2d-2df429efecf6)	Malpedia	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	POWERSOURCE - S0145 (17e919aa-4a49-445c-b103-dbb8df9e7351)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
DNSMessenger (ee8ccb36-2596-43a3-a044-b8721dbeb2ab)	RAT	TEXTMATE - S0146 (4f6aa78c-c3d4-4883-9840-96ca2f5d6d47)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TEXTMATE - S0146 (4f6aa78c-c3d4-4883-9840-96ca2f5d6d47)	Malware	2
DNSMessenger (b376580e-aba1-4ac9-9c2d-2df429efecf6)	Malpedia	TEXTMATE - S0146 (4f6aa78c-c3d4-4883-9840-96ca2f5d6d47)	Malware	2
TEXTMATE - S0146 (4f6aa78c-c3d4-4883-9840-96ca2f5d6d47)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	2
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	RDFSNIFFER - S0416 (065196de-d7e8-4888-acfb-b2134022ba1b)	Malware	2
RDFSNIFFER - S0416 (065196de-d7e8-4888-acfb-b2134022ba1b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
RDFSNIFFER - S0416 (065196de-d7e8-4888-acfb-b2134022ba1b)	Malware	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	2
Sangria Tempest (9471ad21-0553-5483-bf7c-e6ad9c062c79)	Microsoft Activity Group actor	FIN7 (00220228-a5a4-4032-a30d-826bb55aa3fb)	Threat Actor	2
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	FIN7 (00220228-a5a4-4032-a30d-826bb55aa3fb)	Threat Actor	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
GRIFFON - S0417 (04fc1842-f9e4-47cf-8cb8-5c61becad142)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	2
Lizar - S0681 (f74a5069-015d-4404-83ad-5ca01056c0dc)	Malware	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Carbanak (8c246ec4-eaa5-42c0-b137-29f28cbb6832)	Malpedia	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
VB Flash (2815a353-cd56-4ed0-8581-812b94f7a326)	Tool	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	HALFBAKED - S0151 (0ced8926-914e-4c78-bc93-356fb90dbd1f)	Malware	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	2
JSS Loader - S0648 (f559f945-eb8b-48b1-904c-68568deebed3)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	3
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
Run Virtual Instance - T1564.006 (b5327dd1-6bf9-4785-a199-25bcbd1f4a9d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
DNSMessenger (ee8ccb36-2596-43a3-a044-b8721dbeb2ab)	RAT	DNSMessenger (b376580e-aba1-4ac9-9c2d-2df429efecf6)	Malpedia	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	3
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Carbanak - S0030 (72f54d66-675d-4587-9bd3-4ed09f9522e4)	Malware	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Carbanak - APT-C-11 (a4aba29f-fb91-50d9-bdf9-2b184922a200)	360.net Threat Actors	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	3
Carbanak - G0008 (55033a4d-3ffe-46b2-99b4-2c1541e9ce1c)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
VB Flash (2815a353-cd56-4ed0-8581-812b94f7a326)	Tool	Private Cluster (71ac10de-1103-40a7-b65b-f97dab9769bf)	Unknown	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5