LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)

LAPSUS$ is cyber criminal threat group that has been active since at least mid-2021. LAPSUS$ specializes in large-scale social engineering and extortion operations, including destructive attacks without the use of ransomware. The group has targeted organizations globally, including in the government, manufacturing, higher education, energy, healthcare, technology, telecommunications, and media sectors.(Citation: BBC LAPSUS Apr 2022)(Citation: MSTIC DEV-0537 Mar 2022)(Citation: UNIT 42 LAPSUS Mar 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Multi-Factor Authentication Interception - T1111 (dd43c543-bb85-4a6f-aa6e-160d90d06a49)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
SIM Card Swap - T1451 (a64a820a-cb21-471f-920c-506a2ff04fa5)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	LAPSUS$ - G1004 (d8bc9788-4f7d-41a9-9e9d-ee1ea18a8cf7)	Intrusion Set	1
Purchase Technical Data - T1597.002 (0a241b6c-7bb2-48f9-98f7-128145b4d27f)	Attack Pattern	Search Closed Sources - T1597 (a51eb150-93b1-484b-a503-e51453b127a4)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	Code Repositories - T1593.003 (70910fbd-58dc-4c1c-8c48-814d11fcd022)	Attack Pattern	2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Identify Roles - T1591.004 (cc723aff-ec88-40e3-a224-5af9fd983cc4)	Attack Pattern	2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519)	Attack Pattern	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Delete Cloud Instance - T1578.003 (70857657-bd0b-4695-ad3e-b13f92cac1b4)	Attack Pattern	Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90)	Attack Pattern	2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Code Repositories - T1213.003 (cff94884-3b1c-4987-a70b-6d5643c621c3)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Additional Cloud Roles - T1098.003 (2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Confluence - T1213.001 (7ad38ef1-381a-406d-872a-38b136eb5ecc)	Attack Pattern	2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	DNS Server - T1584.002 (c2f59d25-87fe-44aa-8f83-e8e59d077bf5)	Attack Pattern	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Chat Messages - T1552.008 (9664ad0e-789e-40ac-82e2-d7b17fbe8fb3)	Attack Pattern	2
Spearphishing Voice - T1598.004 (6a5d222a-a7e0-4656-b110-782c33098289)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	2
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Create Cloud Instance - T1578.002 (cf1c2504-433f-4c4e-a1f8-91de45a0318c)	Attack Pattern	Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90)	Attack Pattern	2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3