APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.

Relationships. Columns: Cluster A, Galaxy A, Cluster B, Galaxy B, Level. Each row reads: cluster A name (uuid), galaxy of A, cluster B name (uuid), galaxy of B, level. Level 1 rows are the direct relationships of the APT28 threat-actor cluster; level 2 rows are the relationships of the clusters reached at level 1 (the 360.net APT-C-20 cluster and the MITRE intrusion set G0007); level 3 rows are the relationships of the clusters reached at level 2 (a technique's parent technique, or a tool's or malware's own techniques and aliases) and are not direct attributions to APT28.
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) Threat Actor Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 1
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) Attack Pattern 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) Malware 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) mitre-tool Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) Malware 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 3
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware 3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 4
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia 4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool 4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 4
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 4
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 4