| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
Thrip - G0076 (d69e568e-9ac8-4c08-b32c-d93b43ba9172) |
Intrusion Set |
1 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
2 |
| Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) |
Attack Pattern |
Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
2 |
| Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
2 |
| Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) |
Attack Pattern |
2 |
| Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
2 |
| Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
2 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
2 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) |
Attack Pattern |
Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
2 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
Catchamas - S0261 (8d9e758b-735f-4cbc-ba7c-32cd15138b2a) |
Malware |
2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) |
Tool |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
2 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
2 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) |
Tool |
2 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
2 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) |
Attack Pattern |
2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) |
mitre-tool |
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
3 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) |
Attack Pattern |
3 |
| Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) |
Attack Pattern |
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
3 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
3 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
3 |
| System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
3 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
3 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
| MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) |
Malpedia |
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) |
Tool |
3 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) |
Attack Pattern |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
3 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
3 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
3 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
3 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) |
Attack Pattern |
3 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
| Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
3 |