System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Moses Staff - G1009 (4c4a7846-45d5-4761-8eea-725fa989914c) |
Intrusion Set |
1 |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
2 |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) |
Attack Pattern |
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) |
Attack Pattern |
2 |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
2 |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) |
Attack Pattern |
2 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
2 |
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) |
Attack Pattern |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
2 |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
2 |
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
2 |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
2 |
DCSrv - S1033 (5633ffd3-81ef-4f98-8f93-4896b03998f0) |
Malware |
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
2 |
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
2 |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
2 |
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
2 |
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) |
Attack Pattern |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
2 |
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) |
Attack Pattern |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
2 |
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
2 |
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0) |
Malware |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
2 |
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) |
Tool |
2 |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
2 |
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) |
Attack Pattern |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
2 |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
2 |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
2 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
2 |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
2 |
PyDCrypt - S1032 (2ac41e8b-4865-4ced-839d-78e7852c47f3) |
Malware |
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
2 |
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) |
Attack Pattern |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
2 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) |
Attack Pattern |
2 |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
2 |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
3 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
3 |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
3 |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) |
Attack Pattern |
3 |
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) |
Attack Pattern |
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) |
Attack Pattern |
3 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
3 |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
3 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
3 |