Dragonfly 2.0 - G0074 (76d59913-1d24-4992-a8ac-05a3eb093f71)

Dragonfly 2.0 is a suspected Russian group that has targeted government entities and multiple U.S. critical infrastructure sectors since at least December 2015. (Citation: US-CERT TA18-074A) (Citation: Symantec Dragonfly Sept 2017) There is debate over the extent of overlap between Dragonfly 2.0 and Dragonfly, but there is sufficient evidence to lead to these being tracked as two separate groups. (Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Dragos DYMALLOY )

Rows: 272
Loading extensions...
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.2
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern Intrusion Set Malware Microsoft Activity Group actor mitre-tool Threat Actor Tool		Clear Attack Pattern Intrusion Set Malpedia Malware mitre-tool Threat Actor Tool	Clear 1 2 3 4
Dragonfly 2.0 - G0074 (76d59913-1d24-4992-a8ac-05a3eb093f71)	Intrusion Set	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	2
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc)	Attack Pattern	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
ENERGETIC BEAR (64d6559c-6d5c-4585-bbf9-c17868f763ee)	Threat Actor	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	2
Dragonfly - G0035 (1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Havex RAT (d7183f66-59ec-4803-be20-237b442259fc)	Tool	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Backdoor.Oldrea - S0093 (083bb47b-02c8-4423-81a2-f9ef58572974)	Malware	3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Trojan.Karagany - S0094 (82cb34ba-02b5-432b-b2d2-07f55cbf674d)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	3
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Users - T1564.002 (8c4aef43-48d5-49aa-b2af-c0cd58d30c3d)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	3
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
MCMD - S0500 (975737f1-b10d-476f-8bda-3ec26ea57172)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Ghost Blizzard (45d0f984-2b63-517b-922a-12924bcf4f68)	Microsoft Activity Group actor	ENERGETIC BEAR (64d6559c-6d5c-4585-bbf9-c17868f763ee)	Threat Actor	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Havex RAT (d7183f66-59ec-4803-be20-237b442259fc)	Tool	Havex RAT (c04fc02e-f35a-44b6-a9b0-732bf2fc551a)	Malpedia	4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4

Dragonfly 2.0 - G0074 (76d59913-1d24-4992-a8ac-05a3eb093f71)

TableFilter v0.7.2