
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)

Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amount of press reporting has focused on the identification of the actor(s) involved, victim organizations, possible campaign timeline, and potential impact. The US Government and cyber community have also provided detailed information on how the campaign was likely conducted and some of the malware used. MITRE’s ATT&CK team — with the assistance of contributors — has been mapping techniques used by the actor group, referred to as UNC2452/Dark Halo by FireEye and Volexity respectively, as well as SUNBURST and TEARDROP malware.

Cluster A Galaxy A Cluster B Galaxy B Level
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor 1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool 1
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool 1
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool 2
Notion (5c807e49-dc90-4f80-b044-49bb990acb61) online-service SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool 2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern 3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 3
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 3
Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 3
Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool 3
TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a) Malpedia TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool 3
GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f) Malpedia GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool 3
SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704) Tool SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7) Malpedia OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 4
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207) Malpedia 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool 4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd) Malpedia 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba) Tool GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7) Attack Pattern 4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern 4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 4
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 4
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 4
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY (4df1b257-c242-46b0-b120-591430066b6f) Malpedia POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool Raindrop (309f9be7-8824-4452-90b3-cef81fd10099) Malpedia 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 5
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 5
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 5
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 5
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 5
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 5
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 5
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 5
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 5
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 5
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 5
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 5
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
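The rows above list level-5 relationships between ATT&CK techniques and their sub-techniques, with no fixed column order (the parent appears sometimes in the first column, sometimes in the second). The following is an added example, not code from the MISP galaxy page: a small Python parser that reads rows in the format seen above, orients each pair into (parent, sub-technique) using the ID prefix rule (a sub-technique ID is its parent ID plus a `.NNN` suffix), and checks that each technique ID is paired with a single UUID across the rows. The row format, the `parse_row`/`orient`/`build_hierarchy` names, and the sample rows (copied verbatim from the table) are this example's own assumptions.

```python
"""Parse level-5 ATT&CK relationship rows and normalise them into a
parent technique -> sub-technique map.

Added example; not part of the MISP galaxy page. Row format assumed from
the visible rows: '<name> - <TID> (<uuid>) Attack Pattern' twice, then
the relationship level. Pair direction is not fixed, so rows are oriented.
"""
import re
from collections import defaultdict

# Constructed sample: a few rows exactly as they appear in the table above.
SAMPLE_ROWS = """\
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
"""

# One '<name> - <TID> (<uuid>) Attack Pattern' entry; a row holds two of them.
ENTRY = re.compile(
    r"(?P<name>.+?) - (?P<tid>T\d{4}(?:\.\d{3})?) "
    r"\((?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\) Attack Pattern"
)


def parse_row(line):
    """Split one row into two (name, tid, uuid) tuples and the integer level."""
    entries = list(ENTRY.finditer(line))
    if len(entries) != 2:
        raise ValueError(f"expected two Attack Pattern entries: {line!r}")
    tail = line[entries[1].end():].strip()
    if not tail.isdigit():
        raise ValueError(f"missing relationship level: {line!r}")
    # The second entry's name starts with the separating space; strip it.
    a, b = ((m["name"].strip(), m["tid"], m["uuid"]) for m in entries)
    return a, b, int(tail)


def orient(a, b):
    """Return (parent, sub) for an unordered pair of (name, tid, uuid).

    A sub-technique ID is its parent ID followed by '.NNN'; if neither
    ordering satisfies that, the row is not a parent/sub relationship.
    """
    for parent, sub in ((a, b), (b, a)):
        if sub[1].startswith(parent[1] + "."):
            return parent, sub
    raise ValueError(f"not a parent/sub-technique pair: {a[1]} / {b[1]}")


def build_hierarchy(text, level=5):
    """Map parent technique ID -> {sub-technique ID: name} for rows of the
    given level, and return the ID -> UUID map seen along the way.

    Raises if the same technique ID is listed with two different UUIDs,
    which would indicate a mis-extracted or inconsistent row.
    """
    children = defaultdict(dict)
    uuids = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        a, b, lvl = parse_row(line)
        if lvl != level:
            continue
        parent, sub = orient(a, b)
        for _name, tid, uuid in (parent, sub):
            if uuids.setdefault(tid, uuid) != uuid:
                raise ValueError(f"{tid} appears with two UUIDs")
        children[parent[1]][sub[1]] = sub[0]
    return dict(children), uuids


if __name__ == "__main__":
    hierarchy, _ = build_hierarchy(SAMPLE_ROWS)
    for parent_id, subs in sorted(hierarchy.items()):
        print(parent_id, "->", ", ".join(sorted(subs)))
```

Run the block as-is to see the sample rows grouped by parent technique; feed it the full table text to get the complete sub-technique map. The UUID consistency check is the part worth keeping when the table is consumed programmatically, since a technique ID that shows up with two UUIDs usually means a row was cut or merged during extraction.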