Skip to content

Hide Navigation Hide TOC

APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80)

APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. APT39 has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI FLASH APT39 September 2020)(Citation: Dept. of Treasury Iran Sanctions September 2020)(Citation: DOJ Iran Indictments September 2020)

Cluster A Galaxy A Cluster B Galaxy B Level
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 1
ASPXSpy - S0073 (56f46b17-8cfa-46c0-b501-dd52fef394e2) Malware APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
pwdump - S0006 (9de2308e-7bed-43a3-8e58-f194b3586700) mitre-tool APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 1
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 1
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 1
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
Windows Credential Editor - S0005 (242f3da3-4425-4d11-8f5c-b842886da966) mitre-tool APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set 1
APT39 - G0087 (44e43fad-ffcb-4210-abcf-eaaed9735f80) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
ASPXSpy - S0073 (56f46b17-8cfa-46c0-b501-dd52fef394e2) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cadelspy - S0454 (a705b085-1eae-455e-8f4d-842483d814eb) Malware 2
pwdump - S0006 (9de2308e-7bed-43a3-8e58-f194b3586700) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Remexi - S0375 (ecc2f65a-b452-4eaf-9689-7e181f17f7a5) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
MechaFlounder - S0459 (dfa03c7d-79ed-4ce2-b9d1-ddc9dbf56ad2) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern AutoHotKey & AutoIT - T1059.010 (3a32740a-11b0-4bcf-b0a9-3abd0f6d3cd5) Attack Pattern 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 2
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Windows Credential Editor - S0005 (242f3da3-4425-4d11-8f5c-b842886da966) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3