Skip to content

Hide Navigation Hide TOC

APT32 (aa29ae56-e54b-47a2-ad16-d3ab0242d5d7)

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests.

Cluster A Galaxy A Cluster B Galaxy B Level
APT32 (aa29ae56-e54b-47a2-ad16-d3ab0242d5d7) Threat Actor Private Cluster (7e5a571f-dee2-4cae-a960-f8ab8a8fb1cf) Unknown 1
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set APT32 (aa29ae56-e54b-47a2-ad16-d3ab0242d5d7) Threat Actor 1
APT32 (aa29ae56-e54b-47a2-ad16-d3ab0242d5d7) Threat Actor 海莲花 - APT-C-00 (ad1a6df6-2251-5e47-a245-8693c1ace8fb) 360.net Threat Actors 1
APT32 (aa29ae56-e54b-47a2-ad16-d3ab0242d5d7) Threat Actor Canvas Cyclone (37808cab-cbb3-560b-bebd-375fa328ea1e) Microsoft Activity Group actor 1
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 海莲花 - APT-C-00 (ad1a6df6-2251-5e47-a245-8693c1ace8fb) 360.net Threat Actors 2
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set KOMPROGO - S0156 (7dbb67c7-270a-40ad-836e-c45f8948aa5a) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 2
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) Attack Pattern 2
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
APT32 - G0050 (247cb30b-955f-42eb-97a5-a89fef69341e) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
海莲花 - APT-C-00 (ad1a6df6-2251-5e47-a245-8693c1ace8fb) 360.net Threat Actors Canvas Cyclone (37808cab-cbb3-560b-bebd-375fa328ea1e) Microsoft Activity Group actor 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Denis - S0354 (f25aab1a-0cef-4910-a85d-bb38b32ea41a) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern WINDSHIELD - S0155 (98e8a977-3416-43aa-87fa-33e287e9c14c) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern KOMPROGO - S0156 (7dbb67c7-270a-40ad-836e-c45f8948aa5a) Malware 3
KOMPROGO - S0156 (7dbb67c7-270a-40ad-836e-c45f8948aa5a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
KOMPROGO - S0156 (7dbb67c7-270a-40ad-836e-c45f8948aa5a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
SOUNDBITE - S0157 (9ca488bd-9587-48ef-b923-1743523e63b2) Malware SOUNDBITE (f4cac204-3d3f-4bb6-84bd-fc27b2f5158c) Malpedia 3
PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
PHOREAL - S0158 (f6ae7a52-f3b6-4525-9daf-640c083f006e) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
OSX_OCEANLOTUS.D - S0352 (b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 3
Drive-by Target - T1608.004 (31fe0ba2-62fd-4fd9-9293-4043d84f7fe9) Attack Pattern Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
RotaJakiro - S1078 (08e844a8-371f-4fe3-9d1f-e056e64a7fde) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware 3
Goopy - S0477 (eac3d77f-2b7b-4599-ba74-948dc16633ad) Malware Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 3
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 3
Kerrdown - S0585 (8c1d01ff-fdc0-4586-99bd-c248e0761af5) Malware Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 3
PubPrn - T1216.001 (09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58) Attack Pattern System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) Attack Pattern 3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
Gatekeeper Bypass - T1553.001 (31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Unix Shell Configuration Modification - T1546.004 (b63a34e8-0a61-4c97-a23b-bf8a2ed812e2) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 4