Hide Navigation Hide TOC

Tick (add6554a-815a-4ac3-9b22-9337b9661ab8)

Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. This threat actor targets organizations in the critical infrastructure, heavy industry, manufacturing, and international relations sectors for espionage purposes. The attacks appear to be centered on political, media, and engineering sectors. STALKER PANDA has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Tick (add6554a-815a-4ac3-9b22-9337b9661ab8)	Threat Actor	1
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Right-to-Left Override - T1036.002 (77eae145-55db-4519-8ae5-77b0c7215d69)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54)	mitre-tool	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	at - S0110 (0c8465c0-d0b4-4670-992e-4eee8d7ff952)	mitre-tool	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	2
Windows Credential Editor - S0005 (242f3da3-4425-4d11-8f5c-b842886da966)	mitre-tool	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
Taint Shared Content - T1080 (246fd3c7-f5e3-466d-8787-4c13d9e3b61c)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
schtasks - S0111 (c9703cd3-141c-43a0-a926-380082be5d04)	mitre-tool	BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	2
BRONZE BUTLER - G0060 (93f52415-0fe4-4d3d-896c-fc9b8e88ab90)	Intrusion Set	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	2
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
down_new - S0472 (8be7c69e-d8e3-4970-9668-61de08e508cc)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	build_downer - S0471 (d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40)	Malware	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Right-to-Left Override - T1036.002 (77eae145-55db-4519-8ae5-77b0c7215d69)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54)	mitre-tool	3
gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
gsecdump - S0008 (b07c2c47-fefb-4d7c-a69e-6a3296171f54)	mitre-tool	gsecdump (8410d208-7450-407d-b56c-e5c1ced19632)	Malpedia	3
at - S0110 (0c8465c0-d0b4-4670-992e-4eee8d7ff952)	mitre-tool	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Daserf (70f6c71f-bc0c-4889-86e3-ef04e5b8415b)	Malpedia	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Daserf - S0187 (b6b3dfc7-9a81-43ff-ac04-698bad48973a)	Malware	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	3
ShadowPad - S0596 (ec9e00dd-0313-4d5b-8105-c20aa47abffc)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	3
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	3
BBK - S0470 (f0fc920e-57a3-4af5-89be-9ea594c8b1ea)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
cmd - S0106 (bba595da-b73a-4354-aa6c-224d4de7cb4e)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	ABK - S0469 (a0ebedca-d558-4e48-8ff7-4bf76208d90c)	Malware	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Avenger - S0473 (36ede314-7db4-4d09-b53d-81bbfbe5f6f8)	Malware	3
Windows Credential Editor - S0005 (242f3da3-4425-4d11-8f5c-b842886da966)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	schtasks - S0111 (c9703cd3-141c-43a0-a926-380082be5d04)	mitre-tool	3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4