
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)

Magic Hound is an Iranian-sponsored threat group that conducts long-term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations such as the World Health Organization (WHO), via complex social engineering campaigns since at least 2014. (Citation: FireEye APT35 2018)(Citation: ClearSky Kittens Back 3 August 2020)(Citation: Certfa Charming Kitten January 2021)(Citation: Secureworks COBALT ILLUSION Threat Profile)(Citation: Proofpoint TA453 July2021)

Cluster A Galaxy A Cluster B Galaxy B Level
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 2
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern 3
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 3
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 4
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 5
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 5
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5