Hide Navigation Hide TOC

UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)

Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amount of press reporting has focused on the identification of the actor(s) involved, victim organizations, possible campaign timeline, and potential impact. The US Government and cyber community have also provided detailed information on how the campaign was likely conducted and some of the malware used. MITRE’s ATT&CK team — with the assistance of contributors — has been mapping techniques used by the actor group, referred to as UNC2452/Dark Halo by FireEye and Volexity respectively, as well as SUNBURST and TEARDROP malware.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	1
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	1
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	1
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	1
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	1
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
Notion (5c807e49-dc90-4f80-b044-49bb990acb61)	online-service	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a)	Malpedia	3
GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f)	Malpedia	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	3
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704)	Tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	3
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	Raindrop (309f9be7-8824-4452-90b3-cef81fd10099)	Malpedia	4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207)	Malpedia	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	4
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd)	Malpedia	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba)	Tool	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	POSHSPY (4df1b257-c242-46b0-b120-591430066b6f)	Malpedia	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7)	Malpedia	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	4
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	5
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	5
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	5
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	5
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	5
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	5
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	5
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	5
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	5
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	5
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	5
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	5
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	5
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	5
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	5
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	5
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	5
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	5
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	5
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	5
Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	5
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5