Hide Navigation Hide TOC

Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)

Magic Hound is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations such as the World Health Organization (WHO), via complex social engineering campaigns since at least 2014.(Citation: FireEye APT35 2018)(Citation: ClearSky Kittens Back 3 August 2020)(Citation: Certfa Charming Kitten January 2021)(Citation: Secureworks COBALT ILLUSION Threat Profile)(Citation: Proofpoint TA453 July2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	2
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0)	Unknown	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed)	Malpedia	2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f)	Groups	2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pupy (bdb420be-5882-41c8-b439-02bbef69d83f)	RAT	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4)	Attack Pattern	3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234)	Attack Pattern	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5)	Malpedia	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419)	Malpedia	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8)	Malware	4
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406)	Malware	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Helminth (19d89300-ff97-4281-ac42-76542e744092)	Malpedia	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	5
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c)	Malpedia	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	5
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	5
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	5
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	5
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5