Hide Navigation Hide TOC

OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)

OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: Unit 42 QUADAGENT July 2018)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	1
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	1
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	1
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	1
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	1
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	1
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	1
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	1
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	1
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f)	Groups	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	2
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419)	Malpedia	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	2
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	2
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	2
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Helminth (19d89300-ff97-4281-ac42-76542e744092)	Malpedia	2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0)	Unknown	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	3
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	3
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	3
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	3
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5)	Malpedia	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	4
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	4
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Pupy (bdb420be-5882-41c8-b439-02bbef69d83f)	RAT	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	4
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	4
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	4
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed)	Malpedia	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	4
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	5
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	5
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c)	Malpedia	5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	5
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	5
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	5