Skip to content

Hide Navigation Hide TOC

APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)

APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub August 2020) This group has been active since at least 2004.(Citation: DOJ GRU Indictment Jul 2018) (Citation: Ars Technica GRU indictment Jul 2018) (Citation: Crowdstrike DNC June 2016) (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28 January 2017) (Citation: GRIZZLY STEPPE JAR) (Citation: Sofacy DealersChoice) (Citation: Palo Alto Sofacy 06-2018) (Citation: Symantec APT28 Oct 2018) (Citation: ESET Zebrocy May 2019)

APT28 reportedly compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election. (Citation: Crowdstrike DNC June 2016) In 2018, the US indicted five GRU Unit 26165 officers associated with APT28 for cyber operations (including close-access operations) conducted between 2014 and 2018 against the World Anti-Doping Agency (WADA), the US Anti-Doping Agency, a US nuclear facility, the Organization for the Prohibition of Chemical Weapons (OPCW), the Spiez Swiss Chemicals Laboratory, and other organizations.(Citation: US District Court Indictment GRU Oct 2018) Some of these were conducted with the assistance of GRU Unit 74455, which is also referred to as Sandworm Team.

Cluster A Galaxy A Cluster B Galaxy B Level
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 1
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 1
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 2
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware 2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern 2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool 2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 3
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 3
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 3
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3