Hide Navigation Hide TOC

APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)

APT37 has likely been active since at least 2012 and focuses on targeting the public and private sectors primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	1
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	1
APT37 (50cd027f-df14-40b2-aa22-bf5de5061163)	Threat Actor	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	1
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d)	360.net Threat Actors	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
STARDUST CHOLLIMA (d8e1762a-0063-48c2-9ea1-8d176d14b70f)	Threat Actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	TraderTraitor (825abfd9-7238-4438-a9e7-c08791f4df4e)	Threat Actor	2
Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b)	Microsoft Activity Group actor	Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)	Groups	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e)	Threat Actor	2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376)	Threat Actor	Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8)	Microsoft Activity Group actor	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c)	Intrusion Set	2
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce)	360.net Threat Actors	3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	3
route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a)	Intrusion Set	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d)	Tool	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b)	Tool	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8)	Malware	3
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16)	Malware	SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576)	Tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f)	Tool	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	3
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	3
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04)	Tool	WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845)	Malware	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa)	Tool	3
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	3
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72)	Tool	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	3
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	3
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053)	Malware	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	3
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	3
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322)	Malware	KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97)	Tool	3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Prevent Command History Logging - T1690 (b831f51c-d22f-4724-bbab-60d056bd1150)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152)	Malware	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079)	mitre-tool	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103)	Attack Pattern	Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42)	Malware	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369)	Malware	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	4
RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	4
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	4
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725)	Malware	4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	4
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	4
AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858)	Malware	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	4
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3)	Malware	4
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)	Malware	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	5
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	5
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	5
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	5
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	5
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	5
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	5
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d)	Attack Pattern	Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452)	Attack Pattern	5
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	5
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	5
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	5
Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	5
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	5
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	5
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Windows Permissions - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931)	Tool	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815)	RAT	Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f)	Malpedia	5
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	5
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	5
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d)	Attack Pattern	5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	5
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	5
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	6
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	6
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	6
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	6
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	6
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	6