Skip to content

Hide Navigation Hide TOC

OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)

OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: Unit 42 QUADAGENT July 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 2
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 2
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 2
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 2
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 2
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 2
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 2
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 2
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor 3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) Unknown 3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern 3
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 3
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern 3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 4
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 4
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 4
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 4
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 4
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 4
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 4
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 4
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 5
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 5
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 5
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia 5