Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) |
RAT |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
1 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
2 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
2 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
2 |
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
2 |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
2 |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) |
Attack Pattern |
2 |
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) |
mitre-tool |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) |
Attack Pattern |
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) |
Attack Pattern |
3 |
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
3 |
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
3 |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) |
Attack Pattern |
3 |
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) |
Attack Pattern |
3 |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
3 |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
3 |
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) |
Attack Pattern |
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) |
Attack Pattern |
3 |
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) |
Attack Pattern |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
3 |
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) |
Attack Pattern |
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) |
Attack Pattern |
3 |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) |
Attack Pattern |
3 |
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) |
Attack Pattern |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
3 |
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) |
Attack Pattern |
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) |
Attack Pattern |
3 |
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) |
Attack Pattern |
3 |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
3 |
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) |
Attack Pattern |
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) |
Attack Pattern |
3 |
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
3 |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
3 |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
3 |
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) |
Attack Pattern |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) |
Attack Pattern |
3 |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) |
Attack Pattern |
3 |
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) |
Attack Pattern |
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) |
Attack Pattern |
3 |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
3 |