Skip to content

Hide Navigation Hide TOC

MuddyWater (a29af069-03c3-4534-b78b-7d1a77ea085b)

The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.

Cluster A Galaxy A Cluster B Galaxy B Level
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set MuddyWater (a29af069-03c3-4534-b78b-7d1a77ea085b) Threat Actor 1
MuddyWater (a29af069-03c3-4534-b78b-7d1a77ea085b) Threat Actor Mango Sandstorm (da68ca6d-250f-50f1-a585-240475fdbb35) Microsoft Activity Group actor 1
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware 2
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261) mitre-tool 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b) mitre-tool 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Internal Spearphishing - T1534 (9e7452df-5144-4b6e-b04a-b66dd4016747) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) Attack Pattern MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
MuddyWater - G0069 (269e8108-68c6-4f99-b911-14b2e765dec2) Intrusion Set Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 3
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) Attack Pattern 3
Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware 3
DCHSpy - S1243 (6d5c257d-e6de-4c95-a7e8-09ac9386007d) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 3
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519) Attack Pattern Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
POWERSTATS - S0223 (e8545794-b98c-492b-a5b3-4b5a02682e37) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool 3
Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool 3
Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Delay Execution - T1678 (a1df809c-7d0e-459f-8fe5-25474bab770b) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 3
MuddyViper - S9032 (7b92e996-b535-4159-be16-3c3aee4edf54) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Small Sieve - S1035 (ff41b9b6-4c1d-407b-a7e2-835109c8dbc5) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
STARWHALE - S1037 (e355fc84-6f3c-4888-8e0a-d7fa9c378532) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
SHARPSTATS - S0450 (73c4711b-407a-449d-b269-e3b1531fe7a9) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Tsundere Botnet - S9034 (18f5f8c6-bba5-4aba-93e7-3539fe565883) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Out1 - S0594 (80c815bb-b24a-4b9c-9d73-ff4c075a278d) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern PowerSploit - S0194 (13cd9151-83b7-410d-9f98-25d0f0d1d80d) mitre-tool 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261) mitre-tool 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261) mitre-tool 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern ConnectWise - S0591 (842976c7-f9c8-41b2-8371-41dc64fbe261) mitre-tool 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b) mitre-tool 3
RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b) mitre-tool Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 3
RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
RemoteUtilities - S0592 (03c6e0ea-96d3-4b23-9afb-05055663cf4b) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowGoop - S1046 (c19d19ae-dd58-4584-8469-966bbeaa80e3) Malware 3
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware 3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware 3
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Mori - S1047 (7e100ca4-e639-48d9-9a9d-8ad84aa7b448) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware 3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware 3
LP-Notes - S9036 (7fbf1f1e-cbd8-4060-8e3b-7ca0e56ce3fe) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
CrackMapExec - S0488 (c4810609-7da6-48ec-8057-1b70a7814db0) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64) Attack Pattern 3
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Network Topology - T1590.004 (34ab90a3-05f6-4259-8f21-621081fdaba5) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Delay Execution - T1678 (a1df809c-7d0e-459f-8fe5-25474bab770b) Attack Pattern Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware 3
Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware 3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware 3
Fooder - S9033 (7c8865dc-1bf9-49ce-b5f2-f15abde0909a) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d) Attack Pattern 4
Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 4
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 4
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 4
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 4
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4