| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
1 |
| Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
1 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
1 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
BADHATCH - S1081 (3553b49d-d4ae-4fb6-ab17-0adbc520c888) |
Malware |
1 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
2 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) |
Attack Pattern |
2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) |
Attack Pattern |
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) |
Attack Pattern |
2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Asynchronous Procedure Call - T1055.004 (7c0f17c9-1af6-4628-9cbd-9e45482dd605) |
Attack Pattern |
2 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) |
Attack Pattern |
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) |
Attack Pattern |
2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) |
Attack Pattern |
2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) |
Attack Pattern |
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) |
Attack Pattern |
2 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) |
Attack Pattern |
2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
2 |