Hide Navigation Hide TOC

APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)

APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	1
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	1
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	1
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b)	Microsoft Activity Group actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)	Groups	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8)	Microsoft Activity Group actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72)	Tool	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97)	Tool	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d)	Tool	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b)	Tool	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	3
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576)	Tool	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04)	Tool	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	3
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f)	Tool	3
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa)	Tool	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	3
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	3
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	3
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	3
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	3
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	4
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	4
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	4
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	5
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	5
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	5
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	5
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	5
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	5
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	5
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	5
Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	6
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	6
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	6
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	6
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	6
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	6
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	6
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	6