Hide Navigation Hide TOC

Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)

Magic Hound is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations such as the World Health Organization (WHO), via complex social engineering campaigns since at least 2014.(Citation: FireEye APT35 2018)(Citation: ClearSky Kittens Back 3 August 2020)(Citation: Certfa Charming Kitten January 2021)(Citation: Secureworks COBALT ILLUSION Threat Profile)(Citation: Proofpoint TA453 July2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	1
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	1
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	1
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	1
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0)	Unknown	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed)	Malpedia	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f)	Groups	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Pupy (bdb420be-5882-41c8-b439-02bbef69d83f)	RAT	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	3
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5)	Malpedia	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419)	Malpedia	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	4
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	4
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Helminth (19d89300-ff97-4281-ac42-76542e744092)	Malpedia	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	4
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c)	Malpedia	5
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	5