TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)

TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.(Citation: Proofpoint TA2541 February 2022)(Citation: Cisco Operation Layover September 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	1
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
TA2541 - G1018 (467271fd-47c0-4e90-a3f9-d84f5cf790d0)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Snip3 - S1086 (4327aff5-f194-440c-b499-4d9730cc1eab)	Malware	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)	mitre-tool	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
jRAT - S0283 (efece7e8-e40b-49c2-9f84-c55c5c93d05c)	Malware	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
WarzoneRAT - S0670 (fde19a18-e502-467f-be14-58c71b4e7f4b)	Malware	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Revenge RAT - S0379 (bdb27a1d-1844-42f1-a0c0-826027ae0326)	Malware	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
NETWIRE - S0198 (2a70812b-f1ef-44db-8578-a496a227aef2)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	2
Agent Tesla - S0331 (e7a5229f-05eb-440e-b982-9a6d2b2b87c8)	Malware	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	njRAT - S0385 (d906e6f7-434c-44c0-b51a-ed50af8f7945)	Malware	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Imminent Monitor - S0434 (8f8cd191-902c-4e83-bf20-b57c8c4640e9)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	3
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Fast Flux DNS - T1568.001 (29ba5a15-3b7b-4732-b817-65ea8f6468e6)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3