Skip to content

Hide Navigation Hide TOC

OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)

OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industries; however, this group has occasionally targeted organizations outside of the Middle East as well. It also appears OilRig carries out supply chain attacks, where the threat group leverages the trust relationship between organizations to attack their primary targets.

OilRig is an active and organized threat group, which is evident based on their systematic targeting of specific organizations that appear to be carefully chosen for strategic purposes. Attacks attributed to this group primarily rely on social engineering to exploit the human rather than software vulnerabilities; however, on occasion this group has used recently patched vulnerabilities in the delivery phase of their attacks. The lack of software vulnerability exploitation does not necessarily suggest a lack of sophistication, as OilRig has shown maturity in other aspects of their operations. Such maturities involve:

-Organized evasion testing used the during development of their tools. -Use of custom DNS Tunneling protocols for command and control (C2) and data exfiltration. -Custom web-shells and backdoors used to persistently access servers.

OilRig relies on stolen account credentials for lateral movement. After OilRig gains access to a system, they use credential dumping tools, such as Mimikatz, to steal credentials to accounts logged into the compromised system. The group uses these credentials to access and to move laterally to other systems on the network. After obtaining credentials from a system, operators in this group prefer to use tools other than their backdoors to access the compromised systems, such as remote desktop and putty. OilRig also uses phishing sites to harvest credentials to individuals at targeted organizations to gain access to internet accessible resources, such as Outlook Web Access.

Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organizations leads FireEye to assess that those sectors are a primary concern of APT34. The use of infrastructure tied to Iranian operations, timing and alignment with the national interests of Iran also lead FireEye to assess that APT34 acts on behalf of the Iranian government.

Cluster A Galaxy A Cluster B Galaxy B Level
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 1
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 2
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 3
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 4
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4