Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)

Rubeus is a C# toolset designed for raw Kerberos interaction that has been used since at least 2020, including in ransomware operations.(Citation: GitHub Rubeus March 2023)(Citation: FireEye KEGTAP SINGLEMALT October 2020)(Citation: DFIR Ryuk's Return October 2020)(Citation: DFIR Ryuk 2 Hour Speed Run November 2020)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	1
Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	1
Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	1
AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b)	Attack Pattern	Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)	mitre-tool	1
Rubeus - S1071 (e33267fe-099f-4af2-8730-63d49f8813b2)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	1
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	2
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	2
AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	2
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	2